{"id": "RHSA-2014:0772", "hash": "e0b9559adbebcfa0af17124e947cfb25", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0772) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags set.\nA remote attacker could use this flaw to consume an excessive amount of\nresources on the target system, potentially resulting in a denial of\nservice. (CVE-2012-6638, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n* While under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the host\nsystem. However, due to a bug in the lpfc driver, this could result in a\nloss of active paths to the storage and the paths could not be recovered\nwithout manual intervention. This update corrects the lpfc driver to ensure\nautomatic recovery of the lost paths to the storage in this scenario.\n(BZ#1096060)\n\n* A bug in the futex system call could result in an overflow when passing a\nvery large positive timeout. As a consequence, the FUTEX_WAIT operation did\nnot work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091831)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-06-19T04:00:00", "modified": "2017-09-08T11:59:34", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2014:0772", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-6638", "CVE-2014-1737", "CVE-2014-1738"], "lastseen": "2019-08-13T18:46:02", "history": [{"bulletin": {"id": "RHSA-2014:0772", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0772) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags set.\nA remote attacker could use this flaw to consume an excessive amount of\nresources on the target system, potentially resulting in a denial of\nservice. (CVE-2012-6638, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n* While under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the host\nsystem. However, due to a bug in the lpfc driver, this could result in a\nloss of active paths to the storage and the paths could not be recovered\nwithout manual intervention. This update corrects the lpfc driver to ensure\nautomatic recovery of the lost paths to the storage in this scenario.\n(BZ#1096060)\n\n* A bug in the futex system call could result in an overflow when passing a\nvery large positive timeout. As a consequence, the FUTEX_WAIT operation did\nnot work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091831)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-06-19T04:00:00", "modified": "2016-04-04T18:34:20", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0772", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2014-1737", "CVE-2014-1738", "CVE-2012-6638"], "lastseen": "2016-09-04T11:17:56", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"arch": "ia64", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ppc.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-kdump-devel-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "src", "packageFilename": "kernel-2.6.18-348.27.1.el5.src.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-PAE-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-PAE", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-kdump-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "noarch", "packageFilename": "kernel-doc-2.6.18-348.27.1.el5.noarch.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-doc", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-kdump-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-kdump-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-kdump-devel-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-PAE-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-PAE-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-kdump-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-PAE-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-PAE-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}]}, "lastseen": "2016-09-04T11:17:56", "differentElements": ["affectedPackage", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2014:0772", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0772) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags set.\nA remote attacker could use this flaw to consume an excessive amount of\nresources on the target system, potentially resulting in a denial of\nservice. (CVE-2012-6638, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n* While under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the host\nsystem. However, due to a bug in the lpfc driver, this could result in a\nloss of active paths to the storage and the paths could not be recovered\nwithout manual intervention. This update corrects the lpfc driver to ensure\nautomatic recovery of the lost paths to the storage in this scenario.\n(BZ#1096060)\n\n* A bug in the futex system call could result in an overflow when passing a\nvery large positive timeout. As a consequence, the FUTEX_WAIT operation did\nnot work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091831)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-06-19T04:00:00", "modified": "2017-07-29T20:23:52", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0772", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-6638", "CVE-2014-1737", "CVE-2014-1738"], "lastseen": "2017-08-02T12:57:26", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"arch": "i686", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-PAE-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-PAE", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "noarch", "packageFilename": "kernel-doc-2.6.18-348.27.1.el5.noarch.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-doc", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-PAE-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-PAE-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}]}, "lastseen": "2017-08-02T12:57:26", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2014:0772", "hash": "ebee887f018ffba291c89f5c472b1c58", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0772) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags set.\nA remote attacker could use this flaw to consume an excessive amount of\nresources on the target system, potentially resulting in a denial of\nservice. (CVE-2012-6638, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n* While under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the host\nsystem. However, due to a bug in the lpfc driver, this could result in a\nloss of active paths to the storage and the paths could not be recovered\nwithout manual intervention. This update corrects the lpfc driver to ensure\nautomatic recovery of the lost paths to the storage in this scenario.\n(BZ#1096060)\n\n* A bug in the futex system call could result in an overflow when passing a\nvery large positive timeout. As a consequence, the FUTEX_WAIT operation did\nnot work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091831)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-06-19T04:00:00", "modified": "2017-09-08T11:59:34", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0772", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-6638", "CVE-2014-1737", "CVE-2014-1738"], "lastseen": "2017-09-09T07:20:27", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"arch": "ppc64", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-kdump-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "src", "packageFilename": "kernel-2.6.18-348.27.1.el5.src.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-kdump-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-kdump-devel-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "noarch", "packageFilename": "kernel-doc-2.6.18-348.27.1.el5.noarch.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-doc", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ppc.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "kernel-2.6.18-348.27.1.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-kdump-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-kdump-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-kdump-devel-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-kdump-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-PAE-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-PAE-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-PAE-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-PAE", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "i686", "packageFilename": "kernel-PAE-devel-2.6.18-348.27.1.el5.i686.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-PAE-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:27", "differentElements": ["affectedPackage"], "edition": 3}, {"bulletin": {"id": "RHSA-2014:0772", "hash": "cbf3648b986b3e06fa35699f5ae28407", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0772) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags set.\nA remote attacker could use this flaw to consume an excessive amount of\nresources on the target system, potentially resulting in a denial of\nservice. (CVE-2012-6638, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n* While under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the host\nsystem. However, due to a bug in the lpfc driver, this could result in a\nloss of active paths to the storage and the paths could not be recovered\nwithout manual intervention. This update corrects the lpfc driver to ensure\nautomatic recovery of the lost paths to the storage in this scenario.\n(BZ#1096060)\n\n* A bug in the futex system call could result in an overflow when passing a\nvery large positive timeout. As a consequence, the FUTEX_WAIT operation did\nnot work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091831)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-06-19T04:00:00", "modified": "2017-09-08T11:59:34", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0772", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-6638", "CVE-2014-1737", "CVE-2014-1738"], "lastseen": "2018-12-11T17:43:36", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6638", "CVE-2014-1737", "CVE-2014-1738"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2014-0772.NASL", "ORACLELINUX_ELSA-2014-3041.NASL", "REDHAT-RHSA-2014-0801.NASL", "CENTOS_RHSA-2014-0740.NASL", "SL_20140610_KERNEL_ON_SL5_X.NASL", "REDHAT-RHSA-2014-0800.NASL", "SUSE_11_KERNEL-140513.NASL", "DEBIAN_DSA-2928.NASL", "ORACLELINUX_ELSA-2014-0740-1.NASL", "ORACLELINUX_ELSA-2014-0740.NASL"]}, {"type": "f5", "idList": ["SOL15304"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30721", "SECURITYVULNS:DOC:30730"]}, {"type": "redhat", "idList": ["RHSA-2014:0801", "RHSA-2014:0900", "RHSA-2014:0800", "RHSA-2014:0740", "RHSA-2014:0433", "RHSA-2014:0786", "RHSA-2014:0557", "RHSA-2014:0771"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123389", "OPENVAS:1361412562310881954", "OPENVAS:1361412562310123393", "OPENVAS:702928", "OPENVAS:1361412562310123392", "OPENVAS:1361412562310702928", "OPENVAS:1361412562310871180", "OPENVAS:1361412562310850807", "OPENVAS:1361412562310841835", "OPENVAS:1361412562310841831"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-3041", "ELSA-2014-0740-1", "ELSA-2014-0740", "ELSA-2014-3042", "ELSA-2014-3043", "ELSA-2014-0433", "ELSA-2014-0433-1", "ELSA-2014-0771", "ELSA-2014-0786"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0667-1", "SUSE-SU-2014:0683-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2928-1:6623C", "DEBIAN:DSA-2926-1:1D594"]}, {"type": "centos", "idList": ["CESA-2014:0740", "CESA-2014:0433", "CESA-2014:0771"]}, {"type": "seebug", "idList": ["SSV:61509"]}, {"type": "ubuntu", "idList": ["USN-2219-1", "USN-2220-1", "USN-2226-1"]}], "modified": "2018-12-11T17:43:36"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T17:43:36", "differentElements": ["cvss"], "edition": 4}, {"bulletin": {"id": "RHSA-2014:0772", "hash": "e1aeb0c0f55044f1b74ca18901dacda0", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:0772) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags set.\nA remote attacker could use this flaw to consume an excessive amount of\nresources on the target system, potentially resulting in a denial of\nservice. (CVE-2012-6638, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n* While under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the host\nsystem. However, due to a bug in the lpfc driver, this could result in a\nloss of active paths to the storage and the paths could not be recovered\nwithout manual intervention. This update corrects the lpfc driver to ensure\nautomatic recovery of the lost paths to the storage in this scenario.\n(BZ#1096060)\n\n* A bug in the futex system call could result in an overflow when passing a\nvery large positive timeout. As a consequence, the FUTEX_WAIT operation did\nnot work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091831)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-06-19T04:00:00", "modified": "2017-09-08T11:59:34", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2014:0772", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-6638", "CVE-2014-1737", "CVE-2014-1738"], "lastseen": "2019-05-29T14:34:35", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2019-05-29T14:34:35"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6638", "CVE-2014-1737", "CVE-2014-1738"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2014-0772.NASL", "ORACLELINUX_ELSA-2014-3041.NASL", "REDHAT-RHSA-2014-0801.NASL", "CENTOS_RHSA-2014-0740.NASL", "REDHAT-RHSA-2014-0800.NASL", "SL_20140610_KERNEL_ON_SL5_X.NASL", "REDHAT-RHSA-2014-0740.NASL", "REDHAT-RHSA-2014-0900.NASL", "DEBIAN_DSA-2928.NASL", "SUSE_11_KERNEL-140513.NASL"]}, {"type": "f5", "idList": ["SOL15304"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30721", "SECURITYVULNS:DOC:30730"]}, {"type": "redhat", "idList": ["RHSA-2014:0801", "RHSA-2014:0800", "RHSA-2014:0900", "RHSA-2014:0740", "RHSA-2014:0433", "RHSA-2014:0557", "RHSA-2014:0786", "RHSA-2014:0771"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123389", "OPENVAS:1361412562310881954", "OPENVAS:1361412562310123393", "OPENVAS:1361412562310850807", "OPENVAS:702928", "OPENVAS:1361412562310123392", "OPENVAS:1361412562310702928", "OPENVAS:1361412562310871180", "OPENVAS:1361412562310841831", "OPENVAS:1361412562310841835"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-3041", "ELSA-2014-0740-1", "ELSA-2014-0740", "ELSA-2014-3042", "ELSA-2014-3043", "ELSA-2014-0433-1", "ELSA-2014-0433", "ELSA-2014-0786", "ELSA-2014-0771"]}, {"type": "centos", "idList": ["CESA-2014:0740", "CESA-2014:0433", "CESA-2014:0771"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2928-1:6623C", "DEBIAN:DSA-2926-1:1D594"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0683-1", "SUSE-SU-2014:0667-1"]}, {"type": "seebug", "idList": ["SSV:61509"]}, {"type": "ubuntu", "idList": ["USN-2220-1", "USN-2219-1", "USN-2226-1"]}], "modified": "2019-05-29T14:34:35"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:34:35", "differentElements": ["affectedPackage"], "edition": 5}], "viewCount": 2, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2019-08-13T18:46:02"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6638", "CVE-2014-1737", "CVE-2014-1738"]}, {"type": "f5", "idList": ["SOL15304"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2014-0772.NASL", "ORACLELINUX_ELSA-2014-3041.NASL", "REDHAT-RHSA-2014-0801.NASL", "REDHAT-RHSA-2014-0800.NASL", "SL_20140610_KERNEL_ON_SL5_X.NASL", "CENTOS_RHSA-2014-0740.NASL", "REDHAT-RHSA-2014-0740.NASL", "REDHAT-RHSA-2014-0900.NASL", "DEBIAN_DSA-2928.NASL", "ORACLELINUX_ELSA-2014-0740.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30721", "SECURITYVULNS:DOC:30730"]}, {"type": "redhat", "idList": ["RHSA-2014:0801", "RHSA-2014:0740", "RHSA-2014:0900", "RHSA-2014:0800", "RHSA-2014:0433", "RHSA-2014:0557", "RHSA-2014:0786", "RHSA-2014:0771"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123389", "OPENVAS:1361412562310881954", "OPENVAS:1361412562310123393", "OPENVAS:1361412562310850807", "OPENVAS:702928", "OPENVAS:1361412562310123392", "OPENVAS:1361412562310871180", "OPENVAS:1361412562310702928", "OPENVAS:1361412562310841831", "OPENVAS:1361412562310123390"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-3041", "ELSA-2014-0740", "ELSA-2014-0740-1", "ELSA-2014-3042", "ELSA-2014-3043", "ELSA-2014-0433-1", "ELSA-2014-0433", "ELSA-2014-0771", "ELSA-2014-0786"]}, {"type": "centos", "idList": ["CESA-2014:0740", "CESA-2014:0433", "CESA-2014:0771"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0683-1", "SUSE-SU-2014:0667-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2928-1:6623C", "DEBIAN:DSA-2926-1:1D594"]}, {"type": "seebug", "idList": ["SSV:61509"]}, {"type": "ubuntu", "idList": ["USN-2220-1", "USN-2219-1", "USN-2226-1"]}], "modified": "2019-08-13T18:46:02"}, "vulnersScore": 7.7}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-kdump-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-kdump-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-kdump-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-kdump-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-debug-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-devel-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-PAE-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-PAE-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-kdump-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-kdump-devel-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-xen-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-devel-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-2.6.18-348.27.1.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-xen-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-debuginfo-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-debuginfo-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-PAE-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-PAE-devel-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-devel-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "kernel-debuginfo", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-2.6.18-348.27.1.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-kdump", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-kdump-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-debug", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debug-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-kdump-devel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-kdump-devel-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-PAE", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-PAE-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "kernel-kdump", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-kdump-2.6.18-348.27.1.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "kernel-headers", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-headers-2.6.18-348.27.1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "kernel-debuginfo-common", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-debuginfo-common-2.6.18-348.27.1.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "kernel-doc", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-doc-2.6.18-348.27.1.el5.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i686", "packageName": "kernel-xen", "packageVersion": "2.6.18-348.27.1.el5", "packageFilename": "kernel-xen-2.6.18-348.27.1.el5.i686.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:12:27", "bulletinFamily": "NVD", "description": "The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663.", "modified": "2014-02-18T19:21:00", "id": "CVE-2012-6638", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6638", "published": "2014-02-15T14:57:00", "title": "CVE-2012-6638", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.", "modified": "2017-12-21T02:29:00", "id": "CVE-2014-1737", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1737", "published": "2014-05-11T21:55:00", "title": "CVE-2014-1737", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.", "modified": "2017-12-21T02:29:00", "id": "CVE-2014-1738", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1738", "published": "2014-05-11T21:55:00", "title": "CVE-2014-1738", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:22:45", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 5.9 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. (CVE-2012-6638, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738.\n\nThis update also fixes the following bugs :\n\n* While under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario. (BZ#1096060)\n\n* A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately. A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value.\n(BZ#1091831)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-0772.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79031", "published": "2014-11-08T00:00:00", "title": "RHEL 5 : kernel (RHSA-2014:0772)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0772. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79031);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2012-6638\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_xref(name:\"RHSA\", value:\"2014:0772\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2014:0772)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues and two bugs\nare now available for Red Hat Enterprise Linux 5.9 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags\nset. A remote attacker could use this flaw to consume an excessive\namount of resources on the target system, potentially resulting in a\ndenial of service. (CVE-2012-6638, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737\nand CVE-2014-1738.\n\nThis update also fixes the following bugs :\n\n* While under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the\nhost system. However, due to a bug in the lpfc driver, this could\nresult in a loss of active paths to the storage and the paths could\nnot be recovered without manual intervention. This update corrects the\nlpfc driver to ensure automatic recovery of the lost paths to the\nstorage in this scenario. (BZ#1096060)\n\n* A bug in the futex system call could result in an overflow when\npassing a very large positive timeout. As a consequence, the\nFUTEX_WAIT operation did not work as intended and the system call was\ntiming out immediately. A backported patch fixes this bug by limiting\nvery large positive timeouts to the maximal supported value.\n(BZ#1091831)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1738\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5\\.9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0772\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-PAE-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-debuginfo-common-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"kernel-doc-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-348.27.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-348.27.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:56", "bulletinFamily": "scanner", "description": "Description of changes:\n\nkernel-uek [3.8.13-35.1.2.el6uek]\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028443] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028436] {CVE-2014-1737}", "modified": "2019-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2014-3041.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76184", "published": "2014-06-23T00:00:00", "title": "Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3041)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3041.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76184);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2014-1737\", \"CVE-2014-1738\");\n script_bugtraq_id(67300, 67302);\n\n script_name(english:\"Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-35.1.2.el6uek]\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output \n(Matthew Daley) [Orabug: 19028443] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew \nDaley) [Orabug: 19028436] {CVE-2014-1737}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004198.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-35.1.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-35.1.2.el6uek-0.4.3-4.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-35.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-35.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-35.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-35.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-35.1.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-35.1.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:49", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5.6 Long Life.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\nRed Hat would like to thank Matthew Daley for reporting these issues.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-0801.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79290", "published": "2014-11-17T00:00:00", "title": "RHEL 5 : kernel (RHSA-2014:0801)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0801. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79290);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-1737\", \"CVE-2014-1738\");\n script_xref(name:\"RHSA\", value:\"2014:0801\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2014:0801)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.6 Long Life.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\nRed Hat would like to thank Matthew Daley for reporting these issues.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1738\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0801\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-debuginfo-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"kernel-doc-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.53.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.53.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:45", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues are now available for Red Hat Enterprise Linux 6.2 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\nRed Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, and Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-0800.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79032", "published": "2014-11-08T00:00:00", "title": "RHEL 6 : kernel (RHSA-2014:0800)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0800. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79032);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-3153\");\n script_xref(name:\"RHSA\", value:\"2014:0800\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2014:0800)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6.2 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem\nhandled the requeuing of certain Priority Inheritance (PI) futexes. A\nlocal, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, and Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter\nof CVE-2014-3153.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3153\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android \"Towelroot\" Futex Requeue Kernel Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0800\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"kernel-doc-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"kernel-firmware-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-220.52.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-220.52.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:17", "bulletinFamily": "scanner", "description": "- A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n - It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\n - A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate)\n\nThis update also fixes the following bugs :\n\n - A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately.\n A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value.\n\n - A new Linux Security Module (LSM) functionality related to the setrlimit hooks should produce a warning message when used by a third party module that could not cope with it. However, due to a programming error, the kernel could print this warning message when a process was setting rlimits for a different process, or if rlimits were modified by another than the main thread even though there was no incompatible third party module.\n This update fixes the relevant code and ensures that the kernel handles this warning message correctly.\n\n - Previously, the kernel was unable to detect KVM on system boot if the Hyper-V emulation was enabled. A patch has been applied to ensure that both KVM and Hyper-V hypervisors are now correctly detected during system boot.\n\n - A function in the RPC code responsible for verifying whether cached credentials match the current process did not perform the check correctly. The code checked only whether the groups in the current process credentials appear in the same order as in the cached credentials but did not ensure that no other groups are present in the cached credentials. As a consequence, when accessing files in NFS mounts, a process with the same UID and GID as the original process but with a non-matching group list could have been granted an unauthorized access to a file, or under certain circumstances, the process could have been wrongly prevented from accessing the file. The incorrect test condition has been fixed and the problem can no longer occur.\n\n - When being under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario.\n\nThe system must be rebooted for this update to take effect.", "modified": "2018-12-28T00:00:00", "id": "SL_20140610_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74489", "published": "2014-06-12T00:00:00", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74489);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2013-7339\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - A flaw was found in the way the Linux kernel's floppy\n driver handled user space provided data in certain error\n code paths while processing FDRAWCMD IOCTL commands. A\n local user with write access to /dev/fdX could use this\n flaw to free (using the kfree() function) arbitrary\n kernel memory. (CVE-2014-1737, Important)\n\n - It was found that the Linux kernel's floppy driver\n leaked internal kernel memory addresses to user space\n during the processing of the FDRAWCMD IOCTL command. A\n local user with write access to /dev/fdX could use this\n flaw to obtain information about the kernel heap\n arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\n - A NULL pointer dereference flaw was found in the\n rds_ib_laddr_check() function in the Linux kernel's\n implementation of Reliable Datagram Sockets (RDS). A\n local, unprivileged user could use this flaw to crash\n the system. (CVE-2013-7339, Moderate)\n\nThis update also fixes the following bugs :\n\n - A bug in the futex system call could result in an\n overflow when passing a very large positive timeout. As\n a consequence, the FUTEX_WAIT operation did not work as\n intended and the system call was timing out immediately.\n A backported patch fixes this bug by limiting very large\n positive timeouts to the maximal supported value.\n\n - A new Linux Security Module (LSM) functionality related\n to the setrlimit hooks should produce a warning message\n when used by a third party module that could not cope\n with it. However, due to a programming error, the kernel\n could print this warning message when a process was\n setting rlimits for a different process, or if rlimits\n were modified by another than the main thread even\n though there was no incompatible third party module.\n This update fixes the relevant code and ensures that the\n kernel handles this warning message correctly.\n\n - Previously, the kernel was unable to detect KVM on\n system boot if the Hyper-V emulation was enabled. A\n patch has been applied to ensure that both KVM and\n Hyper-V hypervisors are now correctly detected during\n system boot.\n\n - A function in the RPC code responsible for verifying\n whether cached credentials match the current process did\n not perform the check correctly. The code checked only\n whether the groups in the current process credentials\n appear in the same order as in the cached credentials\n but did not ensure that no other groups are present in\n the cached credentials. As a consequence, when accessing\n files in NFS mounts, a process with the same UID and GID\n as the original process but with a non-matching group\n list could have been granted an unauthorized access to a\n file, or under certain circumstances, the process could\n have been wrongly prevented from accessing the file. The\n incorrect test condition has been fixed and the problem\n can no longer occur.\n\n - When being under heavy load, some Fibre Channel storage\n devices, such as Hitachi and HP Open-V series, can send\n a logout (LOGO) message to the host system. However, due\n to a bug in the lpfc driver, this could result in a loss\n of active paths to the storage and the paths could not\n be recovered without manual intervention. This update\n corrects the lpfc driver to ensure automatic recovery of\n the lost paths to the storage in this scenario.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1406&L=scientific-linux-errata&T=0&P=1720\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1277e16a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-debuginfo-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-debuginfo-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-common-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-debuginfo-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-371.9.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:17", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\n* A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738.\n\nThis update also fixes the following bugs :\n\n* A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately. A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value.\n(BZ#1091832)\n\n* A new Linux Security Module (LSM) functionality related to the setrlimit hooks should produce a warning message when used by a third party module that could not cope with it. However, due to a programming error, the kernel could print this warning message when a process was setting rlimits for a different process, or if rlimits were modified by another than the main thread even though there was no incompatible third party module. This update fixes the relevant code and ensures that the kernel handles this warning message correctly.\n(BZ#1092869)\n\n* Previously, the kernel was unable to detect KVM on system boot if the Hyper-V emulation was enabled. A patch has been applied to ensure that both KVM and Hyper-V hypervisors are now correctly detected during system boot. (BZ#1094152)\n\n* A function in the RPC code responsible for verifying whether cached credentials match the current process did not perform the check correctly. The code checked only whether the groups in the current process credentials appear in the same order as in the cached credentials but did not ensure that no other groups are present in the cached credentials. As a consequence, when accessing files in NFS mounts, a process with the same UID and GID as the original process but with a non-matching group list could have been granted an unauthorized access to a file, or under certain circumstances, the process could have been wrongly prevented from accessing the file. The incorrect test condition has been fixed and the problem can no longer occur. (BZ#1095062)\n\n* When being under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario. (BZ#1096061)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-28T00:00:00", "id": "CENTOS_RHSA-2014-0740.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74471", "published": "2014-06-12T00:00:00", "title": "CentOS 5 : kernel (CESA-2014:0740)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0740 and \n# CentOS Errata and Security Advisory 2014:0740 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74471);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2013-7339\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_bugtraq_id(66351, 67300, 67302);\n script_xref(name:\"RHSA\", value:\"2014:0740\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2014:0740)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\n* A NULL pointer dereference flaw was found in the\nrds_ib_laddr_check() function in the Linux kernel's implementation of\nReliable Datagram Sockets (RDS). A local, unprivileged user could use\nthis flaw to crash the system. (CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737\nand CVE-2014-1738.\n\nThis update also fixes the following bugs :\n\n* A bug in the futex system call could result in an overflow when\npassing a very large positive timeout. As a consequence, the\nFUTEX_WAIT operation did not work as intended and the system call was\ntiming out immediately. A backported patch fixes this bug by limiting\nvery large positive timeouts to the maximal supported value.\n(BZ#1091832)\n\n* A new Linux Security Module (LSM) functionality related to the\nsetrlimit hooks should produce a warning message when used by a third\nparty module that could not cope with it. However, due to a\nprogramming error, the kernel could print this warning message when a\nprocess was setting rlimits for a different process, or if rlimits\nwere modified by another than the main thread even though there was no\nincompatible third party module. This update fixes the relevant code\nand ensures that the kernel handles this warning message correctly.\n(BZ#1092869)\n\n* Previously, the kernel was unable to detect KVM on system boot if\nthe Hyper-V emulation was enabled. A patch has been applied to ensure\nthat both KVM and Hyper-V hypervisors are now correctly detected\nduring system boot. (BZ#1094152)\n\n* A function in the RPC code responsible for verifying whether cached\ncredentials match the current process did not perform the check\ncorrectly. The code checked only whether the groups in the current\nprocess credentials appear in the same order as in the cached\ncredentials but did not ensure that no other groups are present in the\ncached credentials. As a consequence, when accessing files in NFS\nmounts, a process with the same UID and GID as the original process\nbut with a non-matching group list could have been granted an\nunauthorized access to a file, or under certain circumstances, the\nprocess could have been wrongly prevented from accessing the file. The\nincorrect test condition has been fixed and the problem can no longer\noccur. (BZ#1095062)\n\n* When being under heavy load, some Fibre Channel storage devices,\nsuch as Hitachi and HP Open-V series, can send a logout (LOGO) message\nto the host system. However, due to a bug in the lpfc driver, this\ncould result in a loss of active paths to the storage and the paths\ncould not be recovered without manual intervention. This update\ncorrects the lpfc driver to ensure automatic recovery of the lost\npaths to the storage in this scenario. (BZ#1096061)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020363.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84e9c7b7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-371.9.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-371.9.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:16", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\n* A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738.\n\nThis update also fixes the following bugs :\n\n* A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately. A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value.\n(BZ#1091832)\n\n* A new Linux Security Module (LSM) functionality related to the setrlimit hooks should produce a warning message when used by a third party module that could not cope with it. However, due to a programming error, the kernel could print this warning message when a process was setting rlimits for a different process, or if rlimits were modified by another than the main thread even though there was no incompatible third party module. This update fixes the relevant code and ensures that the kernel handles this warning message correctly.\n(BZ#1092869)\n\n* Previously, the kernel was unable to detect KVM on system boot if the Hyper-V emulation was enabled. A patch has been applied to ensure that both KVM and Hyper-V hypervisors are now correctly detected during system boot. (BZ#1094152)\n\n* A function in the RPC code responsible for verifying whether cached credentials match the current process did not perform the check correctly. The code checked only whether the groups in the current process credentials appear in the same order as in the cached credentials but did not ensure that no other groups are present in the cached credentials. As a consequence, when accessing files in NFS mounts, a process with the same UID and GID as the original process but with a non-matching group list could have been granted an unauthorized access to a file, or under certain circumstances, the process could have been wrongly prevented from accessing the file. The incorrect test condition has been fixed and the problem can no longer occur. (BZ#1095062)\n\n* When being under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario. (BZ#1096061)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2019-01-02T00:00:00", "id": "REDHAT-RHSA-2014-0740.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74458", "published": "2014-06-11T00:00:00", "title": "RHEL 5 : kernel (RHSA-2014:0740)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0740. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74458);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2013-7339\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_bugtraq_id(66351, 67300, 67302);\n script_xref(name:\"RHSA\", value:\"2014:0740\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2014:0740)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\n* A NULL pointer dereference flaw was found in the\nrds_ib_laddr_check() function in the Linux kernel's implementation of\nReliable Datagram Sockets (RDS). A local, unprivileged user could use\nthis flaw to crash the system. (CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737\nand CVE-2014-1738.\n\nThis update also fixes the following bugs :\n\n* A bug in the futex system call could result in an overflow when\npassing a very large positive timeout. As a consequence, the\nFUTEX_WAIT operation did not work as intended and the system call was\ntiming out immediately. A backported patch fixes this bug by limiting\nvery large positive timeouts to the maximal supported value.\n(BZ#1091832)\n\n* A new Linux Security Module (LSM) functionality related to the\nsetrlimit hooks should produce a warning message when used by a third\nparty module that could not cope with it. However, due to a\nprogramming error, the kernel could print this warning message when a\nprocess was setting rlimits for a different process, or if rlimits\nwere modified by another than the main thread even though there was no\nincompatible third party module. This update fixes the relevant code\nand ensures that the kernel handles this warning message correctly.\n(BZ#1092869)\n\n* Previously, the kernel was unable to detect KVM on system boot if\nthe Hyper-V emulation was enabled. A patch has been applied to ensure\nthat both KVM and Hyper-V hypervisors are now correctly detected\nduring system boot. (BZ#1094152)\n\n* A function in the RPC code responsible for verifying whether cached\ncredentials match the current process did not perform the check\ncorrectly. The code checked only whether the groups in the current\nprocess credentials appear in the same order as in the cached\ncredentials but did not ensure that no other groups are present in the\ncached credentials. As a consequence, when accessing files in NFS\nmounts, a process with the same UID and GID as the original process\nbut with a non-matching group list could have been granted an\nunauthorized access to a file, or under certain circumstances, the\nprocess could have been wrongly prevented from accessing the file. The\nincorrect test condition has been fixed and the problem can no longer\noccur. (BZ#1095062)\n\n* When being under heavy load, some Fibre Channel storage devices,\nsuch as Hitachi and HP Open-V series, can send a logout (LOGO) message\nto the host system. However, due to a bug in the lpfc driver, this\ncould result in a loss of active paths to the storage and the paths\ncould not be recovered without manual intervention. This update\ncorrects the lpfc driver to ensure automatic recovery of the lost\npaths to the storage in this scenario. (BZ#1096061)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1738\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0740\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debuginfo-common-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-371.9.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-371.9.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:45", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\nRed Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, and Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.\n\nThis update also fixes the following bug :\n\n* A previous change that introduced global clock updates caused guest machines to boot slowly when the host Time Stamp Counter (TSC) was marked as unstable. The slow down increased with the number of vCPUs allocated. To resolve this problem, a patch has been applied to limit the rate of the global clock updates. (BZ#1102253)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2014-0900.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79035", "published": "2014-11-08T00:00:00", "title": "RHEL 6 : kernel (RHSA-2014:0900)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0900. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79035);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2014-3153\");\n script_xref(name:\"RHSA\", value:\"2014:0900\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2014:0900)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.4 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem\nhandled the requeuing of certain Priority Inheritance (PI) futexes. A\nlocal, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, and Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter\nof CVE-2014-3153.\n\nThis update also fixes the following bug :\n\n* A previous change that introduced global clock updates caused guest\nmachines to boot slowly when the host Time Stamp Counter (TSC) was\nmarked as unstable. The slow down increased with the number of vCPUs\nallocated. To resolve this problem, a patch has been applied to limit\nthe rate of the global clock updates. (BZ#1102253)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3153\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android \"Towelroot\" Futex Requeue Kernel Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0900\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"perf-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"perf-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"python-perf-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-358.46.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:11", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2014-0196 Jiri Slaby discovered a race condition in the pty layer, which could lead to a denial of service or privilege escalation.\n\n - CVE-2014-1737 CVE-2014-1738 Matthew Daley discovered an information leak and missing input sanitising in the FDRAWCMD ioctl of the floppy driver. This could result in a privilege escalation.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2928.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74027", "published": "2014-05-16T00:00:00", "title": "Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2928. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74027);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_bugtraq_id(67199, 67300, 67302);\n script_xref(name:\"DSA\", value:\"2928\");\n\n script_name(english:\"Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2014-0196\n Jiri Slaby discovered a race condition in the pty layer,\n which could lead to a denial of service or privilege\n escalation.\n\n - CVE-2014-1737 CVE-2014-1738\n Matthew Daley discovered an information leak and missing\n input sanitising in the FDRAWCMD ioctl of the floppy\n driver. This could result in a privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2928\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.32-48squeeze6.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+48squeeze6 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:17", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:0740 :\n\nUpdated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.\n\n* A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738.\n\nThis update also fixes the following bugs :\n\n* A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately. A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value.\n(BZ#1091832)\n\n* A new Linux Security Module (LSM) functionality related to the setrlimit hooks should produce a warning message when used by a third party module that could not cope with it. However, due to a programming error, the kernel could print this warning message when a process was setting rlimits for a different process, or if rlimits were modified by another than the main thread even though there was no incompatible third party module. This update fixes the relevant code and ensures that the kernel handles this warning message correctly.\n(BZ#1092869)\n\n* Previously, the kernel was unable to detect KVM on system boot if the Hyper-V emulation was enabled. A patch has been applied to ensure that both KVM and Hyper-V hypervisors are now correctly detected during system boot. (BZ#1094152)\n\n* A function in the RPC code responsible for verifying whether cached credentials match the current process did not perform the check correctly. The code checked only whether the groups in the current process credentials appear in the same order as in the cached credentials but did not ensure that no other groups are present in the cached credentials. As a consequence, when accessing files in NFS mounts, a process with the same UID and GID as the original process but with a non-matching group list could have been granted an unauthorized access to a file, or under certain circumstances, the process could have been wrongly prevented from accessing the file. The incorrect test condition has been fixed and the problem can no longer occur. (BZ#1095062)\n\n* When being under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario. (BZ#1096061)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2019-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2014-0740-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74505", "published": "2014-06-13T00:00:00", "title": "Oracle Linux 5 : kernel (ELSA-2014-0740-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0740 and \n# Oracle Linux Security Advisory ELSA-2014-0740-1 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74505);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2013-7339\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_bugtraq_id(66351, 67300, 67302);\n script_xref(name:\"RHSA\", value:\"2014:0740\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2014-0740-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0740 :\n\nUpdated kernel packages that fix three security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled\nuser space provided data in certain error code paths while processing\nFDRAWCMD IOCTL commands. A local user with write access to /dev/fdX\ncould use this flaw to free (using the kfree() function) arbitrary\nkernel memory. (CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal\nkernel memory addresses to user space during the processing of the\nFDRAWCMD IOCTL command. A local user with write access to /dev/fdX\ncould use this flaw to obtain information about the kernel heap\narrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two\nflaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate\ntheir privileges on the system.\n\n* A NULL pointer dereference flaw was found in the\nrds_ib_laddr_check() function in the Linux kernel's implementation of\nReliable Datagram Sockets (RDS). A local, unprivileged user could use\nthis flaw to crash the system. (CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737\nand CVE-2014-1738.\n\nThis update also fixes the following bugs :\n\n* A bug in the futex system call could result in an overflow when\npassing a very large positive timeout. As a consequence, the\nFUTEX_WAIT operation did not work as intended and the system call was\ntiming out immediately. A backported patch fixes this bug by limiting\nvery large positive timeouts to the maximal supported value.\n(BZ#1091832)\n\n* A new Linux Security Module (LSM) functionality related to the\nsetrlimit hooks should produce a warning message when used by a third\nparty module that could not cope with it. However, due to a\nprogramming error, the kernel could print this warning message when a\nprocess was setting rlimits for a different process, or if rlimits\nwere modified by another than the main thread even though there was no\nincompatible third party module. This update fixes the relevant code\nand ensures that the kernel handles this warning message correctly.\n(BZ#1092869)\n\n* Previously, the kernel was unable to detect KVM on system boot if\nthe Hyper-V emulation was enabled. A patch has been applied to ensure\nthat both KVM and Hyper-V hypervisors are now correctly detected\nduring system boot. (BZ#1094152)\n\n* A function in the RPC code responsible for verifying whether cached\ncredentials match the current process did not perform the check\ncorrectly. The code checked only whether the groups in the current\nprocess credentials appear in the same order as in the cached\ncredentials but did not ensure that no other groups are present in the\ncached credentials. As a consequence, when accessing files in NFS\nmounts, a process with the same UID and GID as the original process\nbut with a non-matching group list could have been granted an\nunauthorized access to a file, or under certain circumstances, the\nprocess could have been wrongly prevented from accessing the file. The\nincorrect test condition has been fixed and the problem can no longer\noccur. (BZ#1095062)\n\n* When being under heavy load, some Fibre Channel storage devices,\nsuch as Hitachi and HP Open-V series, can send a logout (LOGO) message\nto the host system. However, due to a bug in the lpfc driver, this\ncould result in a loss of active paths to the storage and the paths\ncould not be recovered without manual intervention. This update\ncorrects the lpfc driver to ensure automatic recovery of the lost\npaths to the storage in this scenario. (BZ#1096061)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004195.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-371.9.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-371.9.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-09-26T17:23:11", "bulletinFamily": "software", "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. F5 recommends that you limit network access to the management interface to a secure, management-only network. \n\n\n**FirePass**\n\nTo protect the FirePass Controller, you can use a TCP and/or IP proxy in front of FirePass to mitigate the issue. \n\n\n**Note**: For information about Linux kernel versions that the BIG-IP system uses, and how the BIG-IP system uses the Linux operating system, refer to SOL3645: Base operating system information for the BIG-IP Host system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13284: Overview of management interface routing (11.x)\n * SOL3669: Overview of management interface routing (9.x - 10.x)\n", "modified": "2014-09-26T00:00:00", "published": "2014-06-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15304.html", "id": "SOL15304", "title": "SOL15304 - Linux kernel tcp_rcv_state_process vulnerability CVE-2012-6638", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\nHi,\r\n\r\nAs this was posted to linux-distros, and was supposed to be made public\r\nearlier this week, but so far wasn&#39;t published on oss-sec ...\r\n\r\nReported by Matthew Daley to security@kernel.org.\r\n\r\nThere apparently exists a proof of concept root exploit, that allows\r\nlocal users with access to a floppy device to execute code in the linux\r\nkernel.\r\n\r\n&#40;I think this needs a floppy driver to actually allow access to a floppy\r\n device. My machine only says &quot;floppy0: no floppy controllers found&quot; today.&#41;\r\n\r\nLinux Kernel Mainline commits:\r\n\r\n2145e15e0557a01b9195d1c7199a1b92cb9be81f\r\nAuthor: Matthew Daley &lt;mattd@bugfuzz.com&gt;\r\nDate: Mon Apr 28 19:05:21 2014 +1200\r\n\r\n floppy: don&#39;t write kernel-only members to FDRAWCMD ioctl output\r\n\r\n Do not leak kernel-only floppy_raw_cmd structure members to userspace.\r\n This includes the linked-list pointer and the pointer to the allocated\r\n DMA space.\r\n\r\n Signed-off-by: Matthew Daley &lt;mattd@bugfuzz.com&gt;\r\n References: CVE-2014-1738\r\n Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;\r\n\r\ncommit ef87dbe7614341c2e7bfe8d32fcb7028cc97442c\r\nAuthor: Matthew Daley &lt;mattd@bugfuzz.com&gt;\r\nDate: Mon Apr 28 19:05:20 2014 +1200\r\n\r\n floppy: ignore kernel-only members in FDRAWCMD ioctl input\r\n\r\n Always clear out these floppy_raw_cmd struct members after copying the\r\n entire structure from userspace so that the in-kernel version is always\r\n valid and never left in an interdeterminate state.\r\n\r\n Signed-off-by: Matthew Daley &lt;mattd@bugfuzz.com&gt;\r\n References: CVE-2014-1737\r\n Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;\r\n\r\nCiao, Marcus\r\n\r\n", "modified": "2014-05-10T00:00:00", "published": "2014-05-10T00:00:00", "id": "SECURITYVULNS:DOC:30721", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30721", "title": "[oss-security] Linux kernel floppy ioctl kernel code execution", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2926-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMay 12, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : linux\r\nCVE ID : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-2851 \r\n CVE-2014-3122\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that \r\nmay lead to a denial of service, information leaks or privilege \r\nescalation:\r\n\r\nCVE-2014-0196\r\n\r\n Jiri Slaby discovered a race condition in the pty layer, which could\r\n lead to denial of service or privilege escalation.\r\n\r\nCVE-2014-1737 / CVE-2014-1738\r\n\r\n Matthew Daley discovered that missing input sanitising in the\r\n FDRAWCMD ioctl and an information leak could result in privilege\r\n escalation.\r\n\r\nCVE-2014-2851\r\n\r\n Incorrect reference counting in the ping_init_sock&#40;&#41; function allows\r\n denial of service or privilege escalation.\r\n\r\nCVE-2014-3122\r\n\r\n Incorrect locking of memory can result in local denial of service.\r\n\r\nFor the stable distribution &#40;wheezy&#41;, these problems have been fixed in\r\nversion 3.2.57-3+deb7u1. This update also fixes a regression in the isci\r\ndriver and suspend problems with certain AMD CPUs &#40;introduced in the\r\nupdated kernel from the Wheezy 7.5 point release&#41;.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your linux packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJTcO+9AAoJEBDCk7bDfE421QQP/j08SKXHiHXcdZmtcP1ifE9P\r\nfBvddKDd9thLxec1bn4VhFDsDMMESvMGV4S62FaAuet7OU8GpX899ctGeZiR4YM6\r\nEKpd86hwWiChs+PPhyEpae9/gX0ZDGJLToE5PyggOa/anpZ39yHT6rDccl/H9rIc\r\nOgFE7ru8je/I1jdeOlqdJLZ2YicM/xLy1gF6WwZFvfKUXHbeJ9cnz5VZR/R1aJCb\r\nYs/rj2QjKDaXvDuW+l+ybQOL6nqevH1upFL4u+kkiOk78q2UoJdyYSeKGLrtIYBW\r\n3SRnY8xHNAtHrldzDjXdFaTqd880/ter5l9OXo9zcR8wUojAqWbSDW+0TC/5CmRL\r\noWa72DuCoxdulsmZQZydxB0U87pudsI2Ez5wiXVXfPWD7Ykwad+j/AV3EBaUEKwi\r\nhnWt+9IFWgIjnVnDbPbwfUkmzRCa58ewo10alxEq/supTrkAU/5xQbEtejt4MYtq\r\nTGy8b51aWg5VYpEze5HrPBPyl2szdOF+j9OhNF08Rh/RMGbzSi3Qamr/xsG1PhBx\r\n+93FcjfembChbPihpUQp7by/2xtT3Td1TA1Q7o3vgKk/bdcmsI1JMdPs46H+AFpi\r\nxRgd1dxxPpCaTTCgVHkp6uykWhQcW+nI87OEv/Ibxdch+qrlPs4BxxTk9uL0OHGa\r\nmlcOLozLVQLTcPYUAGL6\r\n=AqGQ\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "SECURITYVULNS:DOC:30730", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30730", "title": "[SECURITY] [DSA 2926-1] linux security update", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:32", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\nRed Hat would like to thank Matthew Daley for reporting these issues.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2017-09-08T12:18:22", "published": "2014-06-26T04:00:00", "id": "RHSA-2014:0801", "href": "https://access.redhat.com/errata/RHSA-2014:0801", "type": "redhat", "title": "(RHSA-2014:0801) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:58", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A NULL pointer dereference flaw was found in the rds_ib_laddr_check()\nfunction in the Linux kernel's implementation of Reliable Datagram Sockets\n(RDS). A local, unprivileged user could use this flaw to crash the system.\n(CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n* A bug in the futex system call could result in an overflow when passing\na very large positive timeout. As a consequence, the FUTEX_WAIT operation\ndid not work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091832)\n\n* A new Linux Security Module (LSM) functionality related to the setrlimit\nhooks should produce a warning message when used by a third party module\nthat could not cope with it. However, due to a programming error, the\nkernel could print this warning message when a process was setting rlimits\nfor a different process, or if rlimits were modified by another than the\nmain thread even though there was no incompatible third party module. This\nupdate fixes the relevant code and ensures that the kernel handles this\nwarning message correctly. (BZ#1092869)\n\n* Previously, the kernel was unable to detect KVM on system boot if the\nHyper-V emulation was enabled. A patch has been applied to ensure that\nboth KVM and Hyper-V hypervisors are now correctly detected during system\nboot. (BZ#1094152)\n\n* A function in the RPC code responsible for verifying whether cached\ncredentials match the current process did not perform the check correctly.\nThe code checked only whether the groups in the current process\ncredentials appear in the same order as in the cached credentials but did\nnot ensure that no other groups are present in the cached credentials. As\na consequence, when accessing files in NFS mounts, a process with the same\nUID and GID as the original process but with a non-matching group list\ncould have been granted an unauthorized access to a file, or under certain\ncircumstances, the process could have been wrongly prevented from\naccessing the file. The incorrect test condition has been fixed and the\nproblem can no longer occur. (BZ#1095062)\n\n* When being under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the\nhost system. However, due to a bug in the lpfc driver, this could result\nin a loss of active paths to the storage and the paths could not be\nrecovered without manual intervention. This update corrects the lpfc\ndriver to ensure automatic recovery of the lost paths to the storage in\nthis scenario. (BZ#1096061)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2017-09-08T11:48:59", "published": "2014-06-10T04:00:00", "id": "RHSA-2014:0740", "href": "https://access.redhat.com/errata/RHSA-2014:0740", "type": "redhat", "title": "(RHSA-2014:0740) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:58", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled\nthe requeuing of certain Priority Inheritance (PI) futexes. A local,\nunprivileged user could use this flaw to escalate their privileges on the\nsystem. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, and Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of\nCVE-2014-3153.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2015-04-24T14:20:41", "published": "2014-06-26T04:00:00", "id": "RHSA-2014:0800", "href": "https://access.redhat.com/errata/RHSA-2014:0800", "type": "redhat", "title": "(RHSA-2014:0800) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:26", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled\nthe requeuing of certain Priority Inheritance (PI) futexes. A local,\nunprivileged user could use this flaw to escalate their privileges on the\nsystem. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, and Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of\nCVE-2014-3153.\n\nThis update also fixes the following bug:\n\n* A previous change that introduced global clock updates caused guest\nmachines to boot slowly when the host Time Stamp Counter (TSC) was marked\nas unstable. The slow down increased with the number of vCPUs allocated.\nTo resolve this problem, a patch has been applied to limit the rate of the\nglobal clock updates. (BZ#1102253)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2015-04-24T14:20:26", "published": "2014-07-17T04:00:00", "id": "RHSA-2014:0900", "href": "https://access.redhat.com/errata/RHSA-2014:0900", "type": "redhat", "title": "(RHSA-2014:0900) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags set.\nA remote attacker could use this flaw to consume an excessive amount of\nresources on the target system, potentially resulting in a denial of\nservice. (CVE-2012-6638, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface\nDevice) reports with an out-of-bounds Report ID. An attacker with physical\naccess to the system could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2013-2888,\nModerate)\n\nThis update also fixes the following bugs:\n\n* A previous change to the sunrpc code introduced a race condition between\nthe rpc_wake_up_task() and rpc_wake_up_status() functions. A race between\nthreads operating on these functions could result in a deadlock situation,\nsubsequently triggering a \"soft lockup\" event and rendering the system\nunresponsive. This problem has been fixed by re-ordering tasks in the RPC\nwait queue. (BZ#1073731)\n\n* Running a process in the background on a GFS2 file system could\nsometimes trigger a glock recursion error that resulted in a kernel panic.\nThis happened when a readpage operation attempted to take a glock that had\nalready been held by another function. To prevent this error, GFS2 now\nverifies whether the glock is already held when performing the readpage\noperation. (BZ#1073953)\n\n* A previous patch backport to the IUCV (Inter User Communication Vehicle)\ncode was incomplete. Consequently, when establishing an IUCV connection,\nthe kernel could, under certain circumstances, dereference a NULL pointer,\nresulting in a kernel panic. A patch has been applied to correct this\nproblem by calling the proper function when removing IUCV paths.\n(BZ#1077045)\n\nIn addition, this update adds the following enhancement:\n\n* The lpfc driver had a fixed timeout of 60 seconds for SCSI task\nmanagement commands. With this update, the lpfc driver enables the user to\nset this timeout within the range from 5 to 180 seconds. The timeout can\nbe changed by modifying the \"lpfc_task_mgmt_tmo\" parameter for the lpfc\ndriver. (BZ#1073123)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. The system must be rebooted for this update to take effect.\n", "modified": "2017-09-08T11:54:59", "published": "2014-04-24T04:00:00", "id": "RHSA-2014:0433", "href": "https://access.redhat.com/errata/RHSA-2014:0433", "type": "redhat", "title": "(RHSA-2014:0433) Moderate: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:37", "bulletinFamily": "unix", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A race condition leading to a use-after-free flaw was found in the way\nthe Linux kernel's TCP/IP protocol suite implementation handled the\naddition of fragments to the LRU (Last-Recently Used) list under certain\nconditions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system by sending a large\namount of specially crafted fragmented packets to that system.\n(CVE-2014-0100, Important)\n\n* A race condition flaw, leading to heap-based buffer overflows, was found\nin the way the Linux kernel's N_TTY line discipline (LDISC) implementation\nhandled concurrent processing of echo output and TTY write operations\noriginating from user space when the underlying TTY driver was PTY.\nAn unprivileged, local user could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-0196,\nImportant)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A use-after-free flaw was found in the way the ping_init_sock() function\nof the Linux kernel handled the group_info reference counter. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2014-2851, Important)\n\n* It was found that a remote attacker could use a race condition flaw in\nthe ath_tx_aggr_sleep() function to crash the system by creating large\nnetwork traffic on the system's Atheros 9k wireless network adapter.\n(CVE-2014-2672, Moderate)\n\n* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()\nfunction in the Linux kernel's implementation of Reliable Datagram Sockets\n(RDS). A local, unprivileged user could use this flaw to crash the system.\n(CVE-2014-2678, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel's mac80211\nsubsystem implementation handled synchronization between TX and STA wake-up\ncode paths. A remote attacker could use this flaw to crash the system.\n(CVE-2014-2706, Moderate)\n\n* It was found that the try_to_unmap_cluster() function in the Linux\nkernel's Memory Managment subsystem did not properly handle page locking in\ncertain cases, which could potentially trigger the BUG_ON() macro in the\nmlock_vma_page() function. A local, unprivileged user could use this flaw\nto crash the system. (CVE-2014-3122, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738. The CVE-2014-0100 issue was discovered by Nikolay\nAleksandrov of Red Hat.\n\nUsers are advised to upgrade to these updated packages, which upgrade the\nkernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct these\nissues. The system must be rebooted for this update to take effect.\n", "modified": "2018-06-07T08:58:34", "published": "2014-05-27T04:00:00", "id": "RHSA-2014:0557", "href": "https://access.redhat.com/errata/RHSA-2014:0557", "type": "redhat", "title": "(RHSA-2014:0557) Important: kernel-rt security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled\nthe requeuing of certain Priority Inheritance (PI) futexes. A local,\nunprivileged user could use this flaw to escalate their privileges on the\nsystem. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* It was discovered that the proc_ns_follow_link() function did not\nproperly return the LAST_BIND value in the last pathname component as is\nexpected for procfs symbolic links, which could lead to excessive freeing\nof memory and consequent slab corruption. A local, unprivileged user could\nuse this flaw to crash the system. (CVE-2014-0203, Moderate)\n\n* A flaw was found in the way the Linux kernel handled exceptions when\nuser-space applications attempted to use the linkage stack. On IBM S/390\nsystems, a local, unprivileged user could use this flaw to crash the\nsystem. (CVE-2014-2039, Moderate)\n\n* An invalid pointer dereference flaw was found in the Marvell 8xxx\nLibertas WLAN (libertas) driver in the Linux kernel. A local user able to\nwrite to a file that is provided by the libertas driver and located on the\ndebug file system (debugfs) could use this flaw to crash the system. Note:\nThe debugfs file system must be mounted locally to exploit this issue.\nIt is not mounted by default. (CVE-2013-6378, Low)\n\n* A denial of service flaw was discovered in the way the Linux kernel's\nSELinux implementation handled files with an empty SELinux security\ncontext. A local user who has the CAP_MAC_ADMIN capability could use this\nflaw to crash the system. (CVE-2014-1874, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738,\nand Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google\nacknowledges Pinkie Pie as the original reporter of CVE-2014-3153.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2018-06-06T20:24:32", "published": "2014-06-19T04:00:00", "id": "RHSA-2014:0771", "href": "https://access.redhat.com/errata/RHSA-2014:0771", "type": "redhat", "title": "(RHSA-2014:0771) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:49", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled\nthe requeuing of certain Priority Inheritance (PI) futexes. A local,\nunprivileged user could use this flaw to escalate their privileges on the\nsystem. (CVE-2014-3153, Important)\n\n* A use-after-free flaw was found in the way the ping_init_sock() function\nof the Linux kernel handled the group_info reference counter. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2014-2851, Important)\n\n* Use-after-free and information leak flaws were found in the way the\nLinux kernel's floppy driver processed the FDRAWCMD IOCTL command. A local\nuser with write access to /dev/fdX could use these flaws to escalate their\nprivileges on the system. (CVE-2014-1737, CVE-2014-1738, Important)\n\n* It was found that the aio_read_events_ring() function of the Linux\nkernel's Asynchronous I/O (AIO) subsystem did not properly sanitize the AIO\nring head received from user space. A local, unprivileged user could use\nthis flaw to disclose random parts of the (physical) memory belonging to\nthe kernel and/or other processes. (CVE-2014-0206, Moderate)\n\n* An out-of-bounds memory access flaw was found in the Netlink Attribute\nextension of the Berkeley Packet Filter (BPF) interpreter functionality in\nthe Linux kernel's networking implementation. A local, unprivileged user\ncould use this flaw to crash the system or leak kernel memory to user space\nvia a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145,\nModerate)\n\n* An information leak flaw was found in the way the skb_zerocopy() function\ncopied socket buffers (skb) that are backed by user-space buffers (for\nexample vhost-net and Xen netback), potentially allowing an attacker to\nread data from those buffers. (CVE-2014-2568, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738.\nGoogle acknowledges Pinkie Pie as the original reporter of\nCVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz Guzik of\nRed Hat.\n\nThis update also fixes the following bugs:\n\n* Due to incorrect calculation of Tx statistics in the qlcninc driver,\nrunning the \"ethtool -S ethX\" command could trigger memory corruption.\nAs a consequence, running the sosreport tool, that uses this command,\nresulted in a kernel panic. The problem has been fixed by correcting the\nsaid statistics calculation. (BZ#1104972)\n\n* When an attempt to create a file on the GFS2 file system failed due to a\nfile system quota violation, the relevant VFS inode was not completely\nuninitialized. This could result in a list corruption error. This update\nresolves this problem by correctly uninitializing the VFS inode in this\nsituation. (BZ#1097407)\n\n* Due to a race condition in the kernel, the getcwd() system call could\nreturn \"/\" instead of the correct full path name when querying a path name\nof a file or directory. Paths returned in the \"/proc\" file system could\nalso be incorrect. This problem was causing instability of various\napplications. The aforementioned race condition has been fixed and getcwd()\nnow always returns the correct paths. (BZ#1099048)\n\nIn addition, this update adds the following enhancements:\n\n* The kernel mutex code has been improved. The changes include improved\nqueuing of the MCS spin locks, the MCS code optimization, introduction of\nthe cancellable MCS spin locks, and improved handling of mutexes without\nwait locks. (BZ#1103631, BZ#1103629)\n\n* The handling of the Virtual Memory Area (VMA) cache and huge page faults\nhas been improved. (BZ#1103630)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. The system must be rebooted for this update to take effect.\n", "modified": "2018-04-12T03:33:30", "published": "2014-06-24T04:00:00", "id": "RHSA-2014:0786", "href": "https://access.redhat.com/errata/RHSA-2014:0786", "type": "redhat", "title": "(RHSA-2014:0786) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-3041", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123389", "title": "Oracle Linux Local Check: ELSA-2014-3041", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-3041.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123389\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:09 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-3041\");\n script_tag(name:\"insight\", value:\"ELSA-2014-3041 - unbreakable enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-3041\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-3041.html\");\n script_cve_id(\"CVE-2014-1737\", \"CVE-2014-1738\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~35.1.2.el6uek~0.4.3~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~35.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~35.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~35.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~35.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~35.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~35.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310881954", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881954", "title": "CentOS Update for kernel CESA-2014:0740 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2014:0740 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881954\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:04:18 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2013-7339\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for kernel CESA-2014:0740 centos5\");\n\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any\nLinux operating system.\n\n * A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n * It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n * A NULL pointer dereference flaw was found in the rds_ib_laddr_check()\nfunction in the Linux kernel's implementation of Reliable Datagram Sockets\n(RDS). A local, unprivileged user could use this flaw to crash the system.\n(CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n * A bug in the futex system call could result in an overflow when passing\na very large positive timeout. As a consequence, the FUTEX_WAIT operation\ndid not work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091832)\n\n * A new Linux Security Module (LSM) functionality related to the setrlimit\nhooks should produce a warning message when used by a third party module\nthat could not cope with it. However, due to a programming error, the\nkernel could print this warning message when a process was setting rlimits\nfor a different process, or if rlimits were modified by another than the\nmain thread even though there was no incompatible third party module. This\nupdate fixes the relevant code and ensures that the kernel handles this\nwarning message correctly. (BZ#1092869)\n\n * Previously, the kernel was unable to detect KVM on system boot if the\nHyper-V emulation was enabled. A patch has been applied to ensure that\nboth KVM and Hyper-V hypervisors are now correctly detected during system\nboot. (BZ#1094152)\n\n * A function in the RPC code responsible for verifying whether cached\ncredentials match the current process did not perform the check correctly.\nThe code checked only whether the groups in the current process\ncredentials appear in the same order as i ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0740\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020363.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~371.9.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-0740-1", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123393", "title": "Oracle Linux Local Check: ELSA-2014-0740-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0740-1.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123393\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:13 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0740-1\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0740-1 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0740-1\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0740-1.html\");\n script_cve_id(\"CVE-2013-7339\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~371.9.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.9.1.0.1.el5~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.9.1.0.1.el5PAE~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.9.1.0.1.el5debug~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.9.1.0.1.el5xen~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.9.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.9.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.9.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.9.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850807", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850807", "title": "SuSE Update for Linux SUSE-SU-2014:0667-1 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0667_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Linux SUSE-SU-2014:0667-1 (Linux)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850807\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Linux SUSE-SU-2014:0667-1 (Linux)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the\n following severe security issues:\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the 'LECHO &amp !OPOST' case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. (bnc#875690)\n\n Security Issues references:\n\n * CVE-2014-0196\n\n * CVE-2014-1737\n\n * CVE-2014-1738\n\n Indications:\n\n Everyone using the Linux Kernel on x86_64 architecture should update.\n\n Special Instructions and Notes:\n\n Please reboot the system after installing this update.\");\n script_tag(name:\"affected\", value:\"Linux on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0667_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.2.4_02_3.0.101_0.29~0.7.24\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64-base\", rpm:\"kernel-ppc64-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64-devel\", rpm:\"kernel-ppc64-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.0.101~0.29.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.2.4_02_3.0.101_0.29~0.7.24\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-28T10:48:44", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196 \nJiri Slaby discovered a race condition in the pty layer, which could lead\nto a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738 \nMatthew Daley discovered an information leak and missing input\nsanitising in the FDRAWCMD ioctl of the floppy driver. This could result\nin a privilege escalation.", "modified": "2017-07-13T00:00:00", "published": "2014-05-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702928", "id": "OPENVAS:702928", "title": "Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2928.nasl 6715 2017-07-13 09:57:40Z teissa $\n# Auto-generated from advisory DSA 2928-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"linux-2.6 on Debian Linux\";\ntag_insight = \"The Linux kernel is the core of the Linux operating system.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze6.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n?Debian 6.0 (squeeze)user-mode-linux2.6.32-1um-4+48squeeze6 \nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote \n: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\";\ntag_summary = \"Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196 \nJiri Slaby discovered a race condition in the pty layer, which could lead\nto a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738 \nMatthew Daley discovered an information leak and missing input\nsanitising in the FDRAWCMD ioctl of the floppy driver. This could result\nin a privilege escalation.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702928);\n script_version(\"$Revision: 6715 $\");\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_name(\"Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-05-14 00:00:00 +0200 (Wed, 14 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2928.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firmware-linux-free\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-base\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-486\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-armel\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-i386\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-ia64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mips\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mipsel\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-s390\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-sparc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-openvz\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-vserver\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-xen\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-486\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x-tape\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.32-5\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tools-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:34", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196\nJiri Slaby discovered a race condition in the pty layer, which could lead\nto a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738\nMatthew Daley discovered an information leak and missing input\nsanitising in the FDRAWCMD ioctl of the floppy driver. This could result\nin a privilege escalation.", "modified": "2019-03-18T00:00:00", "published": "2014-05-14T00:00:00", "id": "OPENVAS:1361412562310702928", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702928", "title": "Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2928.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 2928-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702928\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-0196\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_name(\"Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-14 00:00:00 +0200 (Wed, 14 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2928.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_tag(name:\"affected\", value:\"linux-2.6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze6.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n?Debian 6.0 (squeeze)user-mode-linux2.6.32-1um-4+48squeeze6\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote\n: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196\nJiri Slaby discovered a race condition in the pty layer, which could lead\nto a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738\nMatthew Daley discovered an information leak and missing input\nsanitising in the FDRAWCMD ioctl of the floppy driver. This could result\nin a privilege escalation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firmware-linux-free\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-base\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-486\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-armel\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-i386\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-ia64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mips\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-mipsel\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-s390\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-all-sparc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-openvz\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-vserver\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-common-xen\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-486\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-4kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-5kc-malta\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-686-bigmem-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-iop32x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-ixp4xx\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-kirkwood\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-686-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-openvz-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-orion5x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r4k-ip22\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-cobalt\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-r5k-ip32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-s390x-tape\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1-bcm91250a\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sb1a-bcm91480b\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-sparc64-smp\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-versatile\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-itanium\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-mckinley\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-powerpc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-s390x\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-vserver-sparc64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-686-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-2.6.32-5-xen-amd64-dbg\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-2.6.32-5\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-tools-2.6.32\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-686\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.32-5-xen-amd64\", ver:\"2.6.32-48squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310871180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871180", "title": "RedHat Update for kernel RHSA-2014:0740-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2014:0740-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871180\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:07:11 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2013-7339\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for kernel RHSA-2014:0740-01\");\n\n\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n * It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n * A NULL pointer dereference flaw was found in the rds_ib_laddr_check()\nfunction in the Linux kernel's implementation of Reliable Datagram Sockets\n(RDS). A local, unprivileged user could use this flaw to crash the system.\n(CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n * A bug in the futex system call could result in an overflow when passing\na very large positive timeout. As a consequence, the FUTEX_WAIT operation\ndid not work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091832)\n\n * A new Linux Security Module (LSM) functionality related to the setrlimit\nhooks should produce a warning message when used by a third party module\nthat could not cope with it. However, due to a programming error, the\nkernel could print this warning message when a process was setting rlimits\nfor a different process, or if rlimits were modified by another than the\nmain thread even though there was no incompatible third party module. This\nupdate fixes the relevant code and ensures that the kernel handles this\nwarning message correctly. (BZ#1092869)\n\n * Previously, the kernel was unable to detect KVM on system boot if the\nHyper-V emulation was enabled. A patch has been applied to ensure that\nboth KVM and Hyper-V hypervisors are now correctly detected during system\nboot. (BZ#1094152)\n\n * A function in the RPC code responsible for verifying whether cached\ncredentials match the current process did not perform the check correctly.\nThe code checked only whether the groups in the current process\ncredentials ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0740-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00029.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~371.9.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-0740", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123392", "title": "Oracle Linux Local Check: ELSA-2014-0740", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0740.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123392\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0740\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0740 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0740\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0740.html\");\n script_cve_id(\"CVE-2013-7339\", \"CVE-2014-1737\", \"CVE-2014-1738\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~371.9.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.9.1.el5~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.9.1.el5PAE~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.9.1.el5debug~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.9.1.el5xen~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.9.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.9.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.9.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.9.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-06-02T00:00:00", "id": "OPENVAS:1361412562310841831", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841831", "title": "Ubuntu Update for linux USN-2219-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2219_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-2219-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841831\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-02 14:24:17 +0530 (Mon, 02 Jun 2014)\");\n script_cve_id(\"CVE-2014-1738\", \"CVE-2014-1737\", \"CVE-2013-7339\", \"CVE-2014-2678\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux USN-2219-1\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Matthew Daley reported an information leak in the floppy disk\ndriver of the Linux kernel. An unprivileged local user could exploit this flaw\nto obtain potentially sensitive information from kernel memory. (CVE-2014-1738)\n\nMatthew Daley reported a flaw in the handling of ioctl commands by the\nfloppy disk driver in the Linux kernel. An unprivileged local user could\nexploit this flaw to gain administrative privileges if the floppy disk\nmodule is loaded. (CVE-2014-1737)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol\nimplementation in the Linux kernel for systems that lack RDS transports. An\nunprivileged local user could exploit this flaw to cause a denial of\nservice (system crash). (CVE-2013-7339)\n\nAn error was discovered in the Reliable Datagram Sockets (RDS) protocol\nstack in the Linux kernel. A local user could exploit this flaw to cause a\ndenial of service (system crash) or possibly have unspecified other impact.\n(CVE-2014-2678)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2219-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2219-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-386\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-generic\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-generic-pae\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-ia64\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-lpia\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-powerpc\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-powerpc-smp\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-powerpc64-smp\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-preempt\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-server\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-sparc64\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-sparc64-smp\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-versatile\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-60-virtual\", ver:\"2.6.32-60.122\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-3042", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123390", "title": "Oracle Linux Local Check: ELSA-2014-3042", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-3042.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123390\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:10 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-3042\");\n script_tag(name:\"insight\", value:\"ELSA-2014-3042 - unbreakable enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-3042\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-3042.html\");\n script_cve_id(\"CVE-2014-1737\", \"CVE-2014-1738\", \"CVE-2013-6378\", \"CVE-2014-1874\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.215.3.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.215.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:18", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-35.1.2.el6uek]\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028443] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028436] {CVE-2014-1737}", "modified": "2014-06-20T00:00:00", "published": "2014-06-20T00:00:00", "id": "ELSA-2014-3041", "href": "http://linux.oracle.com/errata/ELSA-2014-3041.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "unix", "description": "kernel\n[2.6.18-371.9.1.0.1]\n- i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649]\n- [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030]\n- [oprofile] export __get_user_pages_fast() function [orabug 14277030]\n- [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030]\n- [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030]\n- [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030]\n- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]\n- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763]\n- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding\n hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]\n- [mm] Enhance shrink_zone patch allow full swap utilization, and also be\n NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]", "modified": "2014-06-11T00:00:00", "published": "2014-06-11T00:00:00", "id": "ELSA-2014-0740-1", "href": "http://linux.oracle.com/errata/ELSA-2014-0740-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "unix", "description": "kernel\n[2.6.18-371.9.1]\n- [nfs] sunrpc: don't use a credential with extra groups (Mateusz Guzik) [1095062 976201]\n- [scsi] lpfc: Remove NDLP reference put in lpfc_cmpl_els_logo_acc (Rob Evers) [1096061 1075228]\n- [infiniband] rds: dereference of a NULL device (Jacob Tanenbaum) [1079216 1079217] {CVE-2013-7339}\n- [kernel] futex: check relative timeouts for overflow (Denys Vlasenko) [1091832 1084168]\n- [virt] kvm: correctly detect KVM when hv emulation is enalbed (Jason Wang) [1094152 985767]\n- [security] Fix spurious warnings in security_ops_task_setrlimit (Mateusz Guzik) [1092869 916235]\n- [block] floppy: don't write kernel-only members to FDRAWCMD output (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}\n- [block] floppy: ignore kernel-only members in FDRAWCMD input (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}", "modified": "2014-06-11T00:00:00", "published": "2014-06-11T00:00:00", "id": "ELSA-2014-0740", "href": "http://linux.oracle.com/errata/ELSA-2014-0740.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:25", "bulletinFamily": "unix", "description": "[2.6.39-400.215.3]\n- SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028380] {CVE-2014-1874}\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028444] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028438] {CVE-2014-1737}\n- libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028416] {CVE-2013-6378}", "modified": "2014-06-20T00:00:00", "published": "2014-06-20T00:00:00", "id": "ELSA-2014-3042", "href": "http://linux.oracle.com/errata/ELSA-2014-3042.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "unix", "description": "kernel-uek\n[2.6.32-400.36.3uek]\n- fix autofs/afs/etc. magic mountpoint breakage (Al Viro) [Orabug: 19028505] {CVE-2014-0203}\n- SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028381] {CVE-2014-1874}\n- floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028446] {CVE-2014-1738}\n- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028439] {CVE-2014-1737}\n- libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028417] {CVE-2013-6378}", "modified": "2014-06-20T00:00:00", "published": "2014-06-20T00:00:00", "id": "ELSA-2014-3043", "href": "http://linux.oracle.com/errata/ELSA-2014-3043.html", "title": "unbreakable enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:40", "bulletinFamily": "unix", "description": "kernel\n[2.6.18-371.8.1.0.1]\n- i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649]\n- [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030]\n- [oprofile] export __get_user_pages_fast() function [orabug 14277030]\n- [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030]\n- [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030]\n- [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030]\n- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]\n- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763]\n- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding\n hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]\n- [mm] Enhance shrink_zone patch allow full swap utilization, and also be\n NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]", "modified": "2014-04-25T00:00:00", "published": "2014-04-25T00:00:00", "id": "ELSA-2014-0433-1", "href": "http://linux.oracle.com/errata/ELSA-2014-0433-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:02", "bulletinFamily": "unix", "description": "kernel\n[2.6.18-371.8.1]\n- [virt] HID: memory corruption flaw drivers/usb/input/hid-core.c (Jacob Tanenbaum) [1032996 1032999] {CVE-2013-2888}\n- [virt] HID: memory corruption flaw in drivers/hv/hid-core.c (Jacob Tanenbaum) [1032996 1032999] {CVE-2013-2888}\n- [scsi] lpfc: Fix task management commands having a fixed timeout (Ewan Milne) [1073123 1061120]\n- [net] tcp: drop SYN+FIN messages (Jiri Pirko) [1066057 1066058] {CVE-2012-6638}\n- [fs] GFS2: Check if glock held in gfs2_readpage (Robert S Peterson) [1073953 1063434]\n- [net] sunrpc: fix deadlock in task wakeup code (Jeff Layton) [1073731 998126]\n[2.6.18-371.7.1]\n- [s390x] af_iucv: Kernel panic during connect (IUCV transport) (Hendrik Brueckner) [1077045 1026388]", "modified": "2014-04-24T00:00:00", "published": "2014-04-24T00:00:00", "id": "ELSA-2014-0433", "href": "http://linux.oracle.com/errata/ELSA-2014-0433.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "unix", "description": "[2.6.32-431.20.3]\n- [kernel] futex: Make lookup_pi_state more robust (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}\n- [kernel] futex: Always cleanup owner tid in unlock_pi (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}\n- [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}\n- [kernel] futex: prevent requeue pi on same futex (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}\n- [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]\n- [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]\n- [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]\n- [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]\n- [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]\n- Revert: [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]\n- Revert: [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]\n- Revert: [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]\n- Revert: [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]\n- Revert: [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]\n[2.6.32-431.20.2]\n- [block] floppy: don't write kernel-only members to FDRAWCMD ioctl output (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737}\n- [block] floppy: ignore kernel-only members in FDRAWCMD ioctl input (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737}\n- [fs] vfs: fix autofs/afs/etc magic mountpoint breakage (Frantisek Hrbata) [1094370 1079347] {CVE-2014-0203}\n- [char] n_tty: Fix n_tty_write crash when echoing in raw mode (Aristeu Rozanski) [1094236 1094237] {CVE-2014-0196}\n[2.6.32-431.20.1]\n- [net] rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF is set (Jiri Pirko) [1092870 1081282]\n- [net] rtnetlink: Warn when interface's information won't fit in our packet (Jiri Pirko) [1092870 1081282]\n- [net] bridge: Correctly receive hw-accelerated vlan traffic (Vlad Yasevich) [1096214 1067722]\n- [net] vlan: Allow accelerated packets to flow through the bridge (Vlad Yasevich) [1096214 1067722]\n- [infiniband] qib: Add missing serdes init sequence (Doug Ledford) [1080104 1005491]\n- [infiniband] qib: Fix txselect regression (Doug Ledford) [1080104 1005491]\n- [netdrv] ixgbevf: fix vlan acceleration (Nikolay Aleksandrov) [1094287 1069028]\n- [security] selinux: Fix kernel BUG on empty security contexts (Paul Moore) [1062502 1064545] {CVE-2014-1874}\n- [netdrv] libertas: potential oops in debugfs (Denys Vlasenko) [1034176 1034177] {CVE-2013-6378}\n- [kernel] cgroup: move put_css_set() after setting CGRP_RELEASABLE bit to fix notify_on_release (Naoya Horiguchi) [1081909 1037465]\n- [kernel] sched: Use exit hook to avoid use-after-free crash (Naoya Horiguchi) [1081914 1032347]\n- [kernel] cgroup: replace list_del() with list_del_init() to avoid panic (Naoya Horiguchi) [1081915 1032343]\n- [x86] turbostat: display C8, C9, C10 residency (Neil Horman) [1096711 1080637]\n- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp list (Rob Evers) [1086839 1063699]\n- [s390] fix kernel crash due to linkage stack instructions (Hendrik Brueckner) [1067678 1067679] {CVE-2014-2039}\n- [x86] kvm: rate-limit global clock updates (Andrew Jones) [1090750 1072373]\n- [kernel] hrtimers: Move SMP function call to thread context (Mateusz Guzik) [1079869 1073129]\n- [kernel] hrtimers: Support resuming with two or more CPUs online (Mateusz Guzik) [1079869 1073129]\n- [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]\n- [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]\n- [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]\n- [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]\n- [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]\n- [fs] ext4: fix WARN_ON from ext4_releasepage() (Carlos Maiolino) [1063508 1036814]\n- [fs] vfs: fix getname() && do_getname() interaction (Oleg Nesterov) [1075653 1024689]\n- [x86] apic: Make disabled_cpu_apicid static read_mostly, fix typos (Nigel Croxon) [1082622 980621]\n- [x86] kexec: Add disable_cpu_apicid kernel parameter (Nigel Croxon) [1082622 980621]\n- [kvm] x86: use kvm_read/write_guest_virt_system in task switch (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: small cleanups to kvm_task_switch (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: propagate error from kvm_load_segment_descriptor (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: improve save_guest_segment_descriptor (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: introduce kvm_write_guest_virt_system (Paolo Bonzini) [1070296 1018581]\n- [kvm] x86: Fix task switch privilege checks (Paolo Bonzini) [1070296 1018581]\n- [powerpc] Make function that parses RTAS error logs global (Steve Best) [1091424 1028682]\n- [powerpc] pseries: Add RTAS event log v6 definition (Steve Best) [1091424 1028682]\n- [powerpc] pseries: Parse and handle EPOW interrupts (Steve Best) [1091424 1028682]\n- [fs] nfsd: don't try to reuse an expired DRC entry off the list (Jeff Layton) [1088779 1036972]\n- [fs] nfsd: when reusing an existing repcache entry, unhash it first (Jeff Layton) [1088779 1036972]\n[2.6.32-431.19.1]\n- [kernel] sched: fix cpu_power initialization (Radim Krcmar) [1091826 1065304]\n- [fs] gfs2: Fix uninitialized VFS inode in gfs2_create_inode (Abhijith Das) [1092002 1059808]\n[2.6.32-431.18.1]\n- [block] fix race between request completion and timeout handling (Jeff Moyer) [1089915 919756]", "modified": "2014-06-19T00:00:00", "published": "2014-06-19T00:00:00", "id": "ELSA-2014-0771", "href": "http://linux.oracle.com/errata/ELSA-2014-0771.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "unix", "description": "[3.10.0-123.4.2]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-123.4.2]\n- [fs] aio: fix plug memory disclosure and fix reqs_active accounting backport (Jeff Moyer) [1094604 1094605] {CVE-2014-0206}\n- [fs] aio: plug memory disclosure and fix reqs_active accounting (Mateusz Guzik) [1094604 1094605] {CVE-2014-0206}\n[3.10.0-123.4.1]\n- [kernel] futex: Make lookup_pi_state more robust (Larry Woodman) [1104519 1104520] {CVE-2014-3153}\n- [kernel] futex: Always cleanup owner tid in unlock_pi (Larry Woodman) [1104519 1104520] {CVE-2014-3153}\n- [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Larry Woodman) [1104519 1104520] {CVE-2014-3153}\n- [kernel] futex: prevent requeue pi on same futex (Larry Woodman) [1104519 1104520] {CVE-2014-3153}\n- [ethernet] qlcnic: Fix ethtool statistics length calculation (Michal Schmidt) [1104972 1099634]\n- Revert: [kernel] cputime: Default implementation of nsecs -> cputime conversion (Frederic Weisbecker) [1090974 1047732]\n- Revert: [kernel] cputime: Bring cputime -> nsecs conversion (Frederic Weisbecker) [1090974 1047732]\n- Revert: [kernel] cputime: Fix jiffies based cputime assumption on steal accounting (Frederic Weisbecker) [1090974 1047732]\n[3.10.0-123.3.1]\n- [kernel] mutexes: Give more informative mutex warning in the !lock->owner case (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [kernel] mutex: replace CONFIG_HAVE_ARCH_MUTEX_CPU_RELAX with simple ifdef (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [kernel] locking/mutexes: Introduce cancelable MCS lock for adaptive spinning (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [kernel] locking/mutexes: Modify the way optimistic spinners are queued (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [kernel] locking/mutexes: Return false if task need_resched() in mutex_can_spin_on_owner() (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [kernel] Restructure the MCS lock defines and locking & Move mcs_spinlock.h into kernel/locking/ (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [misc] arch: Introduce smp_load_acquire(), smp_store_release() (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [kernel] locking/mutex: Fix debug_mutexes (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [kernel] locking/mutex: Fix debug checks (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n- [kernel] locking/mutexes: Unlock the mutex without the wait_lock (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]\n[3.10.0-123.2.1]\n- [net] filter: prevent nla extensions to peek beyond the end of the message (Jiri Benc) [1096780 1096781] {CVE-2014-3144 CVE-2014-3145}\n- [block] floppy: don't write kernel-only members to FDRAWCMD ioctl output (Denys Vlasenko) [1094316 1094318] {CVE-2014-1737 CVE-2014-1738}\n- [block] floppy: ignore kernel-only members in FDRAWCMD ioctl input (Denys Vlasenko) [1094316 1094318] {CVE-2014-1737 CVE-2014-1738}\n- [net] core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors (Jiri Pirko) [1091345 1079014] {CVE-2014-2568}\n- [net] ipv4: current group_info should be put after using (Jiri Benc) [1087415 1087416] {CVE-2014-2851}\n- [fs] dcache: make prepend_name() work correctly when called with negative *buflen (Mikulas Patocka) [1099048 1092746]\n- [fs] dcache: __dentry_path() fixes (Mikulas Patocka) [1099048 1092746]\n- [fs] dcache: prepend_path() needs to reinitialize dentry/vfsmount/mnt on restarts (Mikulas Patocka) [1099048 1092746]\n- [target] tcm_fc: Fix use-after-free of ft_tpg (Andy Grover) [1088110 1071340]\n- [s390] af_iucv: wrong mapping of sent and confirmed skbs (Hendrik Brueckner) [1103064 1098513]\n- [s390] kernel: avoid page table walk on user space access (Hendrik Brueckner) [1103062 1097687]\n- [s390] crypto: fix aes, des ctr mode concurrency finding (Hendrik Brueckner) [1103060 1097686]\n- [net] openvswitch: fix a possible deadlock and lockdep warning (Flavio Leitner) [1103318 1094867]\n- [mm] filemap: update find_get_pages_tag() to deal with shadow entries (Johannes Weiner) [1103065 1091795]\n- [mm] page-writeback: fix divide by zero in pos_ratio_polynom (Rik van Riel) [1103067 1091784]\n- [mm] page-writeback: add strictlimit feature (Rik van Riel) [1103067 1091784]\n- [fs] xfs: log vector rounding leaks log space (Brian Foster) [1103059 1091136]\n- [fs] xfs: truncate_setsize should be outside transactions (Brian Foster) [1103059 1091136]\n- [fs] gfs2: Fix uninitialized VFS inode in gfs2_create_inode (Abhijith Das) [1097407 1087995]\n- [kernel] futex: Fix pthread_cond_broadcast() to wake up all threads (Larry Woodman) [1103066 1084757]\n- [net] ip: generate unique IP identificator if local fragmentation is allowed (Jiri Pirko) [1090490 1076106]\n- [kernel] cputime: Fix jiffies based cputime assumption on steal accounting (Frederic Weisbecker) [1090974 1047732]\n- [kernel] cputime: Bring cputime -> nsecs conversion (Frederic Weisbecker) [1090974 1047732]\n- [kernel] cputime: Default implementation of nsecs -> cputime conversion (Frederic Weisbecker) [1090974 1047732]\n- [x86] irq, pic: Probe for legacy PIC and set legacy_pic appropriately (Vivek Goyal) [1094973 1037957]\n- [virt] hyperv/vmbus: Negotiate version 3.0 when running on ws2012r2 hosts (Vivek Goyal) [1094973 1037957]", "modified": "2014-07-23T00:00:00", "published": "2014-07-23T00:00:00", "id": "ELSA-2014-0786", "href": "http://linux.oracle.com/errata/ELSA-2014-0786.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0740\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* A NULL pointer dereference flaw was found in the rds_ib_laddr_check()\nfunction in the Linux kernel's implementation of Reliable Datagram Sockets\n(RDS). A local, unprivileged user could use this flaw to crash the system.\n(CVE-2013-7339, Moderate)\n\nRed Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and\nCVE-2014-1738.\n\nThis update also fixes the following bugs:\n\n* A bug in the futex system call could result in an overflow when passing\na very large positive timeout. As a consequence, the FUTEX_WAIT operation\ndid not work as intended and the system call was timing out immediately.\nA backported patch fixes this bug by limiting very large positive timeouts\nto the maximal supported value. (BZ#1091832)\n\n* A new Linux Security Module (LSM) functionality related to the setrlimit\nhooks should produce a warning message when used by a third party module\nthat could not cope with it. However, due to a programming error, the\nkernel could print this warning message when a process was setting rlimits\nfor a different process, or if rlimits were modified by another than the\nmain thread even though there was no incompatible third party module. This\nupdate fixes the relevant code and ensures that the kernel handles this\nwarning message correctly. (BZ#1092869)\n\n* Previously, the kernel was unable to detect KVM on system boot if the\nHyper-V emulation was enabled. A patch has been applied to ensure that\nboth KVM and Hyper-V hypervisors are now correctly detected during system\nboot. (BZ#1094152)\n\n* A function in the RPC code responsible for verifying whether cached\ncredentials match the current process did not perform the check correctly.\nThe code checked only whether the groups in the current process\ncredentials appear in the same order as in the cached credentials but did\nnot ensure that no other groups are present in the cached credentials. As\na consequence, when accessing files in NFS mounts, a process with the same\nUID and GID as the original process but with a non-matching group list\ncould have been granted an unauthorized access to a file, or under certain\ncircumstances, the process could have been wrongly prevented from\naccessing the file. The incorrect test condition has been fixed and the\nproblem can no longer occur. (BZ#1095062)\n\n* When being under heavy load, some Fibre Channel storage devices, such as\nHitachi and HP Open-V series, can send a logout (LOGO) message to the\nhost system. However, due to a bug in the lpfc driver, this could result\nin a loss of active paths to the storage and the paths could not be\nrecovered without manual intervention. This update corrects the lpfc\ndriver to ensure automatic recovery of the lost paths to the storage in\nthis scenario. (BZ#1096061)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020363.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0740.html", "modified": "2014-06-11T11:01:17", "published": "2014-06-11T11:01:17", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020363.html", "id": "CESA-2014:0740", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0433\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's TCP/IP protocol suite\nimplementation handled TCP packets with both the SYN and FIN flags set.\nA remote attacker could use this flaw to consume an excessive amount of\nresources on the target system, potentially resulting in a denial of\nservice. (CVE-2012-6638, Moderate)\n\n* A flaw was found in the way the Linux kernel handled HID (Human Interface\nDevice) reports with an out-of-bounds Report ID. An attacker with physical\naccess to the system could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2013-2888,\nModerate)\n\nThis update also fixes the following bugs:\n\n* A previous change to the sunrpc code introduced a race condition between\nthe rpc_wake_up_task() and rpc_wake_up_status() functions. A race between\nthreads operating on these functions could result in a deadlock situation,\nsubsequently triggering a \"soft lockup\" event and rendering the system\nunresponsive. This problem has been fixed by re-ordering tasks in the RPC\nwait queue. (BZ#1073731)\n\n* Running a process in the background on a GFS2 file system could\nsometimes trigger a glock recursion error that resulted in a kernel panic.\nThis happened when a readpage operation attempted to take a glock that had\nalready been held by another function. To prevent this error, GFS2 now\nverifies whether the glock is already held when performing the readpage\noperation. (BZ#1073953)\n\n* A previous patch backport to the IUCV (Inter User Communication Vehicle)\ncode was incomplete. Consequently, when establishing an IUCV connection,\nthe kernel could, under certain circumstances, dereference a NULL pointer,\nresulting in a kernel panic. A patch has been applied to correct this\nproblem by calling the proper function when removing IUCV paths.\n(BZ#1077045)\n\nIn addition, this update adds the following enhancement:\n\n* The lpfc driver had a fixed timeout of 60 seconds for SCSI task\nmanagement commands. With this update, the lpfc driver enables the user to\nset this timeout within the range from 5 to 180 seconds. The timeout can\nbe changed by modifying the \"lpfc_task_mgmt_tmo\" parameter for the lpfc\ndriver. (BZ#1073123)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/020268.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0433.html", "modified": "2014-04-25T10:56:20", "published": "2014-04-25T10:56:20", "href": "http://lists.centos.org/pipermail/centos-announce/2014-April/020268.html", "id": "CESA-2014:0433", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:0771\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's futex subsystem handled\nthe requeuing of certain Priority Inheritance (PI) futexes. A local,\nunprivileged user could use this flaw to escalate their privileges on the\nsystem. (CVE-2014-3153, Important)\n\n* A flaw was found in the way the Linux kernel's floppy driver handled user\nspace provided data in certain error code paths while processing FDRAWCMD\nIOCTL commands. A local user with write access to /dev/fdX could use this\nflaw to free (using the kfree() function) arbitrary kernel memory.\n(CVE-2014-1737, Important)\n\n* It was found that the Linux kernel's floppy driver leaked internal kernel\nmemory addresses to user space during the processing of the FDRAWCMD IOCTL\ncommand. A local user with write access to /dev/fdX could use this flaw to\nobtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\n\nNote: A local user with write access to /dev/fdX could use these two flaws\n(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their\nprivileges on the system.\n\n* It was discovered that the proc_ns_follow_link() function did not\nproperly return the LAST_BIND value in the last pathname component as is\nexpected for procfs symbolic links, which could lead to excessive freeing\nof memory and consequent slab corruption. A local, unprivileged user could\nuse this flaw to crash the system. (CVE-2014-0203, Moderate)\n\n* A flaw was found in the way the Linux kernel handled exceptions when\nuser-space applications attempted to use the linkage stack. On IBM S/390\nsystems, a local, unprivileged user could use this flaw to crash the\nsystem. (CVE-2014-2039, Moderate)\n\n* An invalid pointer dereference flaw was found in the Marvell 8xxx\nLibertas WLAN (libertas) driver in the Linux kernel. A local user able to\nwrite to a file that is provided by the libertas driver and located on the\ndebug file system (debugfs) could use this flaw to crash the system. Note:\nThe debugfs file system must be mounted locally to exploit this issue.\nIt is not mounted by default. (CVE-2013-6378, Low)\n\n* A denial of service flaw was discovered in the way the Linux kernel's\nSELinux implementation handled files with an empty SELinux security\ncontext. A local user who has the CAP_MAC_ADMIN capability could use this\nflaw to crash the system. (CVE-2014-1874, Low)\n\nRed Hat would like to thank Kees Cook of Google for reporting\nCVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738,\nand Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google\nacknowledges Pinkie Pie as the original reporter of CVE-2014-3153.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020379.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0771.html", "modified": "2014-06-20T10:10:41", "published": "2014-06-20T10:10:41", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020379.html", "id": "CESA-2014:0771", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:00", "bulletinFamily": "unix", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-2928-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nMay 14, 2014 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2014-0196\n\n Jiri Slaby discovered a race condition in the pty layer, which could lead\n to a denial of service or privilege escalation.\n\nCVE-2014-1737 CVE-2014-1738\n\n Matthew Daley discovered an information leak and missing input\n sanitising in the FDRAWCMD ioctl of the floppy driver. This could result\n in a privilege escalation.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze6.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 6.0 (squeeze)\n user-mode-linux 2.6.32-1um-4+48squeeze6\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or &quot;leap-frog&quot; fashion.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-05-14T18:21:42", "published": "2014-05-14T18:21:42", "id": "DEBIAN:DSA-2928-1:6623C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00109.html", "title": "[SECURITY] [DSA 2928-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:57", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2926-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 12, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-2851 \n CVE-2014-3122\n\nSeveral vulnerabilities have been discovered in the Linux kernel that \nmay lead to a denial of service, information leaks or privilege \nescalation:\n\nCVE-2014-0196\n\n Jiri Slaby discovered a race condition in the pty layer, which could\n lead to denial of service or privilege escalation.\n\nCVE-2014-1737 / CVE-2014-1738\n\n Matthew Daley discovered that missing input sanitising in the\n FDRAWCMD ioctl and an information leak could result in privilege\n escalation.\n\nCVE-2014-2851\n\n Incorrect reference counting in the ping_init_sock() function allows\n denial of service or privilege escalation.\n\nCVE-2014-3122\n\n Incorrect locking of memory can result in local denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.57-3+deb7u1. This update also fixes a regression in the isci\ndriver and suspend problems with certain AMD CPUs (introduced in the\nupdated kernel from the Wheezy 7.5 point release).\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n\n\n\n", "modified": "2014-05-12T15:59:28", "published": "2014-05-12T15:59:28", "id": "DEBIAN:DSA-2926-1:1D594", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00107.html", "title": "[SECURITY] [DSA 2926-1] linux security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:31:56", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel has\n been updated to fix two critical security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the &quot;LECHO &amp; !OPOST&quot; case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. (bnc#875690)\n", "modified": "2014-05-20T19:04:37", "published": "2014-05-20T19:04:37", "id": "SUSE-SU-2014:0683-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html", "type": "suse", "title": "Security update for Linux kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:28", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the\n following severe security issues:\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the &quot;LECHO &amp; !OPOST&quot; case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. (bnc#875690)\n\n Security Issues references:\n\n * CVE-2014-0196\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196</a>&gt;\n * CVE-2014-1737\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737</a>&gt;\n * CVE-2014-1738\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738</a>&gt;\n", "modified": "2014-05-16T03:04:20", "published": "2014-05-16T03:04:20", "id": "SUSE-SU-2014:0667-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html", "type": "suse", "title": "Security update for Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:32:34", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 65654\r\nCVE(CAN) ID: CVE-2012-6638\r\n\r\nLinux Kernel\u662fLinux\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 3.2.24\u4e4b\u524d\u7248\u672cnet/ipv4/tcp_input.c\u5185\u7684tcp_rcv_state_process\u51fd\u6570\u5728\u5904\u7406\u5927\u91cf\u7684SYN+FIN TCP\u6570\u636e\u5305\u65f6\uff0c\u5b58\u5728\u8d8a\u754c\u8bbf\u95ee\u9519\u8bef\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\n0\nLinux kernel &lt; 3.2.24\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.kernel.org/\r\nhttp://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24\r\nhttps://github.com/torvalds/linux/commit/fdf5af0daf8019cec2396cdef8fb042d80fe71fa\r\nhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdf5af0daf8019cec2396cdef8fb042d80fe71fa", "modified": "2014-02-21T00:00:00", "published": "2014-02-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61509", "id": "SSV:61509", "title": "Linux Kernel 'tcp_rcv_state_process()'\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": ""}], "ubuntu": [{"lastseen": "2019-05-29T19:21:30", "bulletinFamily": "unix", "description": "Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738)\n\nMatthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel for systems that lack RDS transports. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-7339)\n\nAn error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678)", "modified": "2014-05-26T00:00:00", "published": "2014-05-26T00:00:00", "id": "USN-2220-1", "href": "https://usn.ubuntu.com/2220-1/", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:51", "bulletinFamily": "unix", "description": "Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738)\n\nMatthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737)\n\nA flaw was discovered in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel for systems that lack RDS transports. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-7339)\n\nAn error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678)", "modified": "2014-05-26T00:00:00", "published": "2014-05-26T00:00:00", "id": "USN-2219-1", "href": "https://usn.ubuntu.com/2219-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:11", "bulletinFamily": "unix", "description": "Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738)\n\nMatthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737)\n\nA flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077)\n\nT\u00f6r\u00f6k Edwin discovered a flaw with Xen netback driver when used with Linux configurations that do not allow sleeping in softirq context. A guest administrator could exploit this flaw to cause a denial of service (system crash) on the host. (CVE-2014-2580)\n\nA flaw was discovered in the Linux kernel\u2019s ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted application. (CVE-2014-2851)\n\nHannes Frederic Sowa reported a hash collision ordering problem in the xfs filesystem in the Linux kernel. A local user could exploit this flaw to cause filesystem corruption and a denial of service (oops or panic). (CVE-2014-7283)", "modified": "2014-05-27T00:00:00", "published": "2014-05-27T00:00:00", "id": "USN-2226-1", "href": "https://usn.ubuntu.com/2226-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}