XSS&Sql injection attack in PHP-Fusion 6.00.3 Released
2005-12-23T00:00:00
ID SECURITYVULNS:DOC:10810 Type securityvulns Reporter Securityvulns Modified 2005-12-23T00:00:00
Description
XSS&Sql injection attack in PHP-Fusion 6.00.3 Released
Web page:http://www.php-fusion.co.uk/
Author:krasza[krasza@gmail.com]
1.Description
(...)"PHP-Fusion is a constantly evolving content management system (CMS) powered by PHP 4 and mySQL. It provides an easy to install system with a simple yet powerful set of administrative controls. This means you will have an easy to maintain interactive community website without requiring any knowledge of web programming."
2.XSS
When You are logged in, You can pass the XSS attack.
http://127.0.0.1/[fushion]/members.php?sortby=%3Ciframe%20src=http://securityreason.com%20%3C
After introduce this URL You should see the small frame with this site:
http://securityreason.com
3.Sql injection attack
If magic_quotes_gpc=off and You are logged in, You can pass the sql injection attack. This bug its hard enough to pass and surely we cannot admit as critical. Error appear in every file making possible estimation, because all of modules add includes/ratings_include.php and there is the bug.(...)
if (isset($_POST['post_rating'])) {
if ($_POST['rating'] > 0) {
$result = dbquery("INSERT INTO ".DB_PREFIX."ratings (rating_item_id, rating_type, rating_user, rating_vote, rating_datestamp, rating_ip) VALUES ('$rating_item_id', '$rating_type', '".$userdata['user_id']."', '".$_POST['rating']."', '".time()."', '".USER_IP."')");
}
(...)
Notice that the variable $_POST['post_rating'] is not given of the filtration what causes, that one can her properly change and pass sql injection with the question INSERT. Exploit is accessible an address:
>>>http://securityreason.com/exploitalert/182<<<
Greets:
-http://www.securityreason.com
-Snak3 from netmore
krasza
krasza@gmail.com
http://www.krewniacy.pl
{"id": "SECURITYVULNS:DOC:10810", "bulletinFamily": "software", "title": "XSS&Sql injection attack in PHP-Fusion 6.00.3 Released", "description": "XSS&Sql injection attack in PHP-Fusion 6.00.3 Released\r\nWeb page:http://www.php-fusion.co.uk/\r\n\r\nAuthor:krasza[krasza@gmail.com]\r\n\r\n1.Description\r\n(...)"PHP-Fusion is a constantly evolving content management system (CMS) powered by PHP 4 and mySQL. It provides an easy to install system with a simple yet powerful set of administrative controls. This means you will have an easy to maintain interactive community website without requiring any knowledge of web programming."\r\n\r\n2.XSS\r\nWhen You are logged in, You can pass the XSS attack.\r\nhttp://127.0.0.1/[fushion]/members.php?sortby=%3Ciframe%20src=http://securityreason.com%20%3C\r\nAfter introduce this URL You should see the small frame with this site:\r\nhttp://securityreason.com\r\n\r\n3.Sql injection attack\r\nIf magic_quotes_gpc=off and You are logged in, You can pass the sql injection attack. This bug its hard enough to pass and surely we cannot admit as critical. Error appear in every file making possible estimation, because all of modules add includes/ratings_include.php and there is the bug.(...)\r\nif (isset($_POST['post_rating'])) {\r\n if ($_POST['rating'] > 0) {\r\n $result = dbquery("INSERT INTO ".DB_PREFIX."ratings (rating_item_id, rating_type, rating_user, rating_vote, rating_datestamp, rating_ip) VALUES ('$rating_item_id', '$rating_type', '".$userdata['user_id']."', '".$_POST['rating']."', '".time()."', '".USER_IP."')");\r\n }\r\n(...)\r\n\r\nNotice that the variable $_POST['post_rating'] is not given of the filtration what causes, that one can her properly change and pass sql injection with the question INSERT. Exploit is accessible an address:\r\n>>>http://securityreason.com/exploitalert/182<<<\r\n\r\n\r\nGreets:\r\n-http://www.securityreason.com\r\n-Snak3 from netmore\r\n\r\n\r\nkrasza\r\nkrasza@gmail.com\r\nhttp://www.krewniacy.pl", "published": "2005-12-23T00:00:00", "modified": "2005-12-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10810", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:15", "edition": 1, "viewCount": 26, "enchantments": {"score": {"value": 4.8, "vector": "NONE", "modified": "2018-08-31T11:10:15", "rev": 2}, "dependencies": {"references": [{"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1318.NASL", "EULEROS_SA-2020-1323.NASL", "EULEROS_SA-2020-1314.NASL", "DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL", "EULEROS_SA-2020-1299.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201314", "OPENVAS:1361412562311220201299", "OPENVAS:1361412562311220201323", "OPENVAS:1361412562311220201318", "OPENVAS:1361412562310892164"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "zdt", "idList": ["1337DAY-ID-34153", "1337DAY-ID-34159", "1337DAY-ID-34134"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:10149"]}, {"type": "cve", "idList": ["CVE-2020-10810"]}, {"type": "kitploit", "idList": ["KITPLOIT:1907207623071471216"]}, {"type": "mssecure", "idList": ["MSSECURE:057ED5C1C386380F0F149DBAC7F1F6EF"]}], "modified": "2018-08-31T11:10:15", "rev": 2}, "vulnersScore": 4.8}, "affectedSoftware": []}
{"rst": [{"lastseen": "2020-08-23T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **74[.]231.181.82** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **35**.\n First seen: 2020-08-09T03:00:00, Last seen: 2020-08-23T03:00:00.\n IOC tags: **generic**.\nASN 6389: (First IP 74.231.164.0, Last IP 74.231.195.255).\nASN Name \"BELLSOUTHNETBLK\" and Organisation \"ATT Corp\".\nASN hosts 10810 domains.\nGEO IP information: City \"Decatur\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-08-09T00:00:00", "id": "RST:57AA9FAB-0641-3CDB-B1C8-930E77781655", "href": "", "published": "2021-01-04T00:00:00", "title": "RST Threat feed. IOC: 74.231.181.82", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-27T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **65[.]7.74.86** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **34**.\n First seen: 2020-11-29T03:00:00, Last seen: 2020-12-27T03:00:00.\n IOC tags: **generic**.\nWe found that the IOC is used by: **necurs**.\nASN 6389: (First IP 65.7.64.0, Last IP 65.7.126.255).\nASN Name \"BELLSOUTHNETBLK\" and Organisation \"ATT Corp\".\nASN hosts 10810 domains.\nGEO IP information: City \"Shreveport\", Country \"United States\".\nIn according to RST Threat Feed the IP is related to **jhdjhriocfmoescht.com** malicious domains.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-29T00:00:00", "id": "RST:8DECAABD-6588-31DF-AB68-E497F6EB4D0E", "href": "", "published": "2020-12-28T00:00:00", "title": "RST Threat feed. IOC: 65.7.74.86", "type": "rst", "cvss": {}}], "cve": [{"lastseen": "2021-02-02T07:36:55", "description": "An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-03-22T18:15:00", "title": "CVE-2020-10810", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10810"], "modified": "2020-04-30T13:23:00", "cpe": ["cpe:/a:hdfgroup:hdf5:1.12.0"], "id": "CVE-2020-10810", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10810", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:hdfgroup:hdf5:1.12.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:28", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:21", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T05:35:21", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:28:02", "description": "In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).", "edition": 9, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-07T13:15:00", "title": "CVE-2016-10810", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10810"], "modified": "2019-08-09T14:55:00", "cpe": [], "id": "CVE-2016-10810", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10810", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2021-02-02T06:21:32", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:52:24", "description": "chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2018-05-16T13:29:00", "title": "CVE-2018-10810", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10810"], "modified": "2018-06-19T15:23:00", "cpe": ["cpe:/a:livezilla:livezilla:7.0.9.5"], "id": "CVE-2018-10810", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10810", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:livezilla:livezilla:7.0.9.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-08-04T14:02:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7027", "CVE-2016-9806", "CVE-2019-7222", "CVE-2018-1108", "CVE-2013-2896", "CVE-2013-7270", "CVE-2013-6432", "CVE-2010-5321", "CVE-2016-2053", "CVE-2007-6761", "CVE-2016-3139", "CVE-2017-10810", "CVE-2018-17182", "CVE-2014-3645", "CVE-2017-18208", "CVE-2017-17053", "CVE-2016-2062", "CVE-2014-9710", "CVE-2017-7542", "CVE-2014-3687", "CVE-2017-10662"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191526", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191526", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1526)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1526\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2010-5321\", \"CVE-2013-2896\", \"CVE-2013-6432\", \"CVE-2013-7027\", \"CVE-2013-7270\", \"CVE-2014-3645\", \"CVE-2014-3687\", \"CVE-2014-9710\", \"CVE-2016-2053\", \"CVE-2016-2062\", \"CVE-2016-3139\", \"CVE-2016-9806\", \"CVE-2017-10662\", \"CVE-2017-10810\", \"CVE-2017-17053\", \"CVE-2017-18208\", \"CVE-2017-7542\", \"CVE-2018-1108\", \"CVE-2018-17182\", \"CVE-2019-7222\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:04:52 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1526)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1526\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1526\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1526 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)\n\nMemory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.(CVE-2010-5321)\n\nkernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.(CVE-2018-1108)\n\nThe KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.(CVE-2019-7222)\n\nThe adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.(CVE-2016-2062)\n\ndrivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.(CVE-2013-2896)\n\nThe wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)\n\nAn integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.(CVE-2017-7542)\n\nMemory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.(CVE-2017-10810) ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-09T17:48:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9806", "CVE-2017-11176", "CVE-2016-9794", "CVE-2016-9754", "CVE-2017-12188", "CVE-2017-1000111", "CVE-2016-9793", "CVE-2017-1000252", "CVE-2017-10810", "CVE-2017-11473", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-1000364", "CVE-2017-10911", "CVE-2017-1000410", "CVE-2017-1000370", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-08T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191498", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1498\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2016-9754\", \"CVE-2016-9793\", \"CVE-2016-9794\", \"CVE-2016-9806\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000252\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000410\", \"CVE-2017-10661\", \"CVE-2017-10810\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-11600\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1498\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1498\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1498 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\nA flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND<pipe>RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption.(CVE-2016-9793)\n\nA use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9794)\n\nA double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)\n\nA race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) can use this issue to crash the system.(CVE-2017-1000111)\n\nAn exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.(CVE-2017-1000112)\n\nA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64le), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execute ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T17:06:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2018-1120", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2018-10322", "CVE-2017-16650", "CVE-2017-12134", "CVE-2018-10323", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2018-3639", "CVE-2017-17856"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-30T00:00:00", "id": "OPENVAS:1361412562310874619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874619", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-6367a17aa3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6367a17aa3_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-6367a17aa3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874619\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 05:57:30 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-6367a17aa3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6367a17aa3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6U7NCPMTQKKHLC4ZHQCTLYN4LCP2JQ4C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.11~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T17:06:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-12T00:00:00", "id": "OPENVAS:1361412562310874427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874427", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-884a105c04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_884a105c04_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-884a105c04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 06:00:51 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-884a105c04\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-884a105c04\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM3JVAHYMEV65VTITHNUM7JTHTN7Q53I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.7~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-16T16:19:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8736", "CVE-2018-10737", "CVE-2018-10735", "CVE-2018-10738", "CVE-2018-8734", "CVE-2018-8733", "CVE-2018-8735", "CVE-2018-10736", "CVE-2018-10810"], "description": "This host is running Nagios XI and is\n prone to multiple vulnerabilities.", "modified": "2020-04-15T00:00:00", "published": "2018-04-27T00:00:00", "id": "OPENVAS:1361412562310813215", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813215", "type": "openvas", "title": "Nagios XI Multiple Vulnerabilities-April18", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Nagios XI Multiple Vulnerabilities-April18\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Updated By: Rajat Mishra <rajatm@secpod.com> on 2018-05-21\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nagios:nagiosxi\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813215\");\n script_version(\"2020-04-15T09:02:26+0000\");\n script_cve_id(\"CVE-2018-8733\", \"CVE-2018-8734\", \"CVE-2018-8735\", \"CVE-2018-8736\",\n \"CVE-2018-10736\", \"CVE-2018-10735\", \"CVE-2018-10738\", \"CVE-2018-10737\",\n \"CVE-2018-10810\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-15 09:02:26 +0000 (Wed, 15 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-27 10:44:16 +0530 (Fri, 27 Apr 2018)\");\n script_tag(name:\"qod_type\", value:\"exploit\");\n script_name(\"Nagios XI Multiple Vulnerabilities-April18\");\n\n script_tag(name:\"summary\", value:\"This host is running Nagios XI and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Send crafted data via 'HTTP POST' request\n and check whether it is able access the restricted pages.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Authentication bypass vulnerability in the core config manager in allows an\n unauthenticated attacker to make configuration changes and leverage an\n authenticated SQL injection vulnerability.\n\n - SQL injection vulnerability in the core config manager allows an attacker\n to execute arbitrary SQL commands via the selInfoKey1 parameter.\n\n - A remote command execution (RCE) vulnerability allows an attacker to execute\n arbitrary commands on the target system, aka OS command injection.\n\n - A privilege escalation vulnerability, allows an attacker to leverage an\n RCE vulnerability escalating to root.\n\n - SQL injection vulnerability in the txtSearch parameter of admin/logbook.php.\n\n - SQL injection vulnerability in the chbKey1 parameter of admin/menuaccess.php.\n\n - SQL injection vulnerability in the cname parameter of admin/commandline.php.\n\n - SQL injection vulnerability in the key1 parameter of admin/info.php.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attacker to execute arbitrary SQL commands, execute arbitrary commands and\n to leverage an RCE vulnerability escalating to root.\");\n\n script_tag(name:\"affected\", value:\"Nagios XI versions 5.2.x through 5.4.x before 5.4.13\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Nagios X 5.4.13 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://www.nagios.com/downloads\");\n script_xref(name:\"URL\", value:\"https://gist.github.com/caleBot/f0a93b5a98574393e0139104eacc2d0f\");\n script_xref(name:\"URL\", value:\"https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT\");\n script_xref(name:\"URL\", value:\"https://github.com/rapid7/metasploit-framework/pull/9938\");\n script_xref(name:\"URL\", value:\"http://blog.redactedsec.net/exploits/2018/04/26/nagios.html\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_nagios_XI_detect.nasl\");\n script_mandatory_keys(\"nagiosxi/installed\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif(!http_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:http_port)){\n exit(0);\n}\n\nurl = \"/nagiosql/admin/helpedit.php\";\nlogin_data = 'txtRootPath=nagiosql%2F&txtBasePath=%2Fvar%2Fwww%2Fhtml' +\n '%2Fnagiosql%2F&selProtocol=http&txtTempdir=%2Ftmp&selLa' +\n 'nguage=en_GB&txtEncoding=utf-8&txtDBserver=localhost&tx' +\n 'tDBport=3306&txtDBname=nagiosql&txtDBuser=nagiosql&txtD' +\n 'Bpass=n%40gweb&txtLogoff=3600&txtLines=15&selSeldisable=1';\nreq = http_post_put_req(port:http_port, url:url, data:login_data,\n add_headers:make_array(\"Content-Type\", \"application/x-www-form-urlencoded\"));\nbuf = http_keepalive_send_recv(port:http_port, data:req);\n\n## Fixed versions returns HTTP/1.1 403 Forbidden\nif(buf =~ \"HTTP/1.. 302\" && \">Sub key<\" >< buf &&\n \">Nagios Core Config Manager<\" >< buf && \">serviceextinfo<\" >< buf\n && \">NagiosQL - Version:\" >< buf)\n{\n report = http_report_vuln_url(port:http_port, url:url);\n security_message(port:http_port, data:report);\n exit(0);\n}\n\nurl = \"/nagiosql/admin/settings.php\";\nreq = http_post_put_req(port:http_port, url:url, data:login_data,\n add_headers:make_array(\"Content-Type\", \"application/x-www-form-urlencoded\"));\nbuf = http_keepalive_send_recv(port:http_port, data:req);\n\n## Fixed versions returns HTTP/1.1 403 Forbidden\nif(buf =~ \"HTTP/1.. 302\" && \"NagiosQL System Monitoring Administration Tool\" >< buf\n && \">Nagios Core Config Manager<\" >< buf && \">Settings<\" >< buf && \">NagiosQL<\" >< buf)\n{\n report = http_report_vuln_url(port:http_port, url:url);\n security_message(port:http_port, data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:01:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-18T00:00:00", "id": "OPENVAS:1361412562310874365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874365", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-4ca01704a2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4ca01704a2_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-4ca01704a2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874365\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:54:26 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\", \"CVE-2017-5123\",\n \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\", \"CVE-2017-14497\",\n \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\", \"CVE-2017-14051\",\n \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\", \"CVE-2017-7558\",\n \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-7533\",\n \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-4ca01704a2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4ca01704a2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3MAKT7ZDC6T4B52QFNRBYKWU75JMUX5C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~200.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-02-09T16:59:09", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A double free vulnerability was found in netlink_dump,\n which could cause a denial of service or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9806i1/4%0\n\n - Memory leak in drivers/media/video/videobuf-core.c in\n the videobuf subsystem in the Linux kernel 2.6.x\n through 4.x allows local users to cause a denial of\n service (memory consumption) by leveraging /dev/video\n access for a series of mmap calls that require new\n allocations, a different vulnerability than\n CVE-2007-6761. NOTE: as of 2016-06-18, this affects\n only 11 drivers that have not been updated to use\n videobuf2 instead of videobuf.(CVE-2010-5321i1/4%0\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2018-1108i1/4%0\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222i1/4%0\n\n - The adreno_perfcounter_query_group function in\n drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU\n driver for the Linux kernel 3.x, as used in Qualcomm\n Innovation Center (QuIC) Android contributions for MSM\n devices and other products, uses an incorrect integer\n data type, which allows attackers to cause a denial of\n service (integer overflow, heap-based buffer overflow,\n and incorrect memory allocation) or possibly have\n unspecified other impact via a crafted\n IOCTL_KGSL_PERFCOUNTER_QUERY ioctl\n call.(CVE-2016-2062i1/4%0\n\n - drivers/hid/hid-ntrig.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_NTRIG is enabled, allows physically\n proximate attackers to cause a denial of service (NULL\n pointer dereference and OOPS) via a crafted\n device.(CVE-2013-2896i1/4%0\n\n - The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n before 3.17 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-3139i1/4%0\n\n - An integer overflow vulnerability in\n ip6_find_1stfragopt() function was found. A local\n attacker that has privileges (of CAP_NET_RAW) to open\n raw socket can cause an infinite loop inside the\n ip6_find_1stfragopt() function.(CVE-2017-7542i1/4%0\n\n - Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel through 4.11.8 allows attackers to cause a\n denial of service (memory consumption) by triggering\n object-initialization failures.(CVE-2017-10810i1/4%0\n\n - The ping_recvmsg function in net/ipv4/ping.c in the\n Linux kernel before 3.12.4 does not properly interact\n with read system calls on ping sockets, which allows\n local users to cause a denial of service (NULL pointer\n dereference and system crash) by leveraging unspecified\n privileges to execute a crafted\n application.(CVE-2013-6432i1/4%0\n\n - The madvise_willneed function in the Linux kernel\n allows local users to cause a denial of service\n (infinite loop) by triggering use of MADVISE_WILLNEED\n for a DAX mapping.(CVE-2017-18208i1/4%0\n\n - An issue was discovered in the Linux kernel through\n 4.18.8. The vmacache_flush_all function in\n mm/vmacache.c mishandles sequence number overflows. An\n attacker can trigger a use-after-free (and possibly\n gain privileges) via certain thread creation, map,\n unmap, invalidation, and dereference\n operations.(CVE-2018-17182i1/4%0\n\n - The ieee80211_radiotap_iterator_init function in\n net/wireless/radiotap.c in the Linux kernel before\n 3.11.7 does not check whether a frame contains any data\n outside of the header, which might allow attackers to\n cause a denial of service (buffer over-read) via a\n crafted header.(CVE-2013-7027i1/4%0\n\n - The Btrfs implementation in the Linux kernel before\n 3.19 does not ensure that the visible xattr state is\n consistent with a requested replacement, which allows\n local users to bypass intended ACL settings and gain\n privileges via standard filesystem operations (1)\n during an xattr-replacement time window, related to a\n race condition, or (2) after an xattr-replacement\n attempt that fails because the data does not\n fit.(CVE-2014-9710i1/4%0\n\n - A flaw was found in the way the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation\n handled duplicate Address Configuration Change Chunks\n (ASCONF). A remote attacker could use either of these\n flaws to crash the system.(CVE-2014-3687i1/4%0\n\n - A syntax vulnerability was discovered in the kernel's\n ASN1.1 DER decoder, which could lead to memory\n corruption or a complete local denial of service\n through x509 certificate DER files. A local system user\n could use a specially created key file to trigger\n BUG_ON() in the public_key_verify_signature() function\n (crypto/asymmetric_keys/public_key.c), to cause a\n kernel panic and crash the system.(CVE-2016-2053i1/4%0\n\n - It was found that the Linux kernel's KVM subsystem did\n not handle the VM exits gracefully for the invept\n (Invalidate Translations Derived from EPT)\n instructions. On hosts with an Intel processor and\n invept VM exit support, an unprivileged guest user\n could use these instructions to crash the\n guest.(CVE-2014-3645i1/4%0\n\n - The packet_recvmsg function in net/packet/af_packet.c\n in the Linux kernel before 3.12.4 updates a certain\n length value before ensuring that an associated data\n structure has been initialized, which allows local\n users to obtain sensitive information from kernel\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call.(CVE-2013-7270i1/4%0\n\n - The init_new_context function in\n arch/x86/include/asm/mmu_context.h in the Linux kernel,\n before 4.12.10, does not correctly handle errors from\n LDT table allocation when forking a new process. This\n could allow a local attacker to achieve a\n use-after-free or possibly have unspecified other\n impact by running a specially crafted\n program.(CVE-2017-17053i1/4%0\n\n - It was found that the sanity_check_raw_super() function\n in 'fs/f2fs/super.c' file in the Linux kernel before\n version 4.12-rc1 does not validate the f2fs filesystem\n segment count. This allows an unprivileged local user\n to cause a system panic and DoS. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled\n out, although we believe it is\n unlikely.(CVE-2017-10662i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1526)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7027", "CVE-2016-9806", "CVE-2019-7222", "CVE-2018-1108", "CVE-2013-2896", "CVE-2013-7270", "CVE-2013-6432", "CVE-2010-5321", "CVE-2016-2053", "CVE-2007-6761", "CVE-2016-3139", "CVE-2017-10810", "CVE-2018-17182", "CVE-2014-3645", "CVE-2017-18208", "CVE-2017-17053", "CVE-2016-2062", "CVE-2014-9710", "CVE-2017-7542", "CVE-2014-3687", "CVE-2017-10662"], "modified": "2019-05-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1526.NASL", "href": "https://www.tenable.com/plugins/nessus/124979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124979);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2010-5321\",\n \"CVE-2013-2896\",\n \"CVE-2013-6432\",\n \"CVE-2013-7027\",\n \"CVE-2013-7270\",\n \"CVE-2014-3645\",\n \"CVE-2014-3687\",\n \"CVE-2014-9710\",\n \"CVE-2016-2053\",\n \"CVE-2016-2062\",\n \"CVE-2016-3139\",\n \"CVE-2016-9806\",\n \"CVE-2017-10662\",\n \"CVE-2017-10810\",\n \"CVE-2017-17053\",\n \"CVE-2017-18208\",\n \"CVE-2017-7542\",\n \"CVE-2018-1108\",\n \"CVE-2018-17182\",\n \"CVE-2019-7222\"\n );\n script_bugtraq_id(\n 62048,\n 64013,\n 64135,\n 64744,\n 70746,\n 70766,\n 73308\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1526)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A double free vulnerability was found in netlink_dump,\n which could cause a denial of service or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9806i1/4%0\n\n - Memory leak in drivers/media/video/videobuf-core.c in\n the videobuf subsystem in the Linux kernel 2.6.x\n through 4.x allows local users to cause a denial of\n service (memory consumption) by leveraging /dev/video\n access for a series of mmap calls that require new\n allocations, a different vulnerability than\n CVE-2007-6761. NOTE: as of 2016-06-18, this affects\n only 11 drivers that have not been updated to use\n videobuf2 instead of videobuf.(CVE-2010-5321i1/4%0\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2018-1108i1/4%0\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222i1/4%0\n\n - The adreno_perfcounter_query_group function in\n drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU\n driver for the Linux kernel 3.x, as used in Qualcomm\n Innovation Center (QuIC) Android contributions for MSM\n devices and other products, uses an incorrect integer\n data type, which allows attackers to cause a denial of\n service (integer overflow, heap-based buffer overflow,\n and incorrect memory allocation) or possibly have\n unspecified other impact via a crafted\n IOCTL_KGSL_PERFCOUNTER_QUERY ioctl\n call.(CVE-2016-2062i1/4%0\n\n - drivers/hid/hid-ntrig.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_NTRIG is enabled, allows physically\n proximate attackers to cause a denial of service (NULL\n pointer dereference and OOPS) via a crafted\n device.(CVE-2013-2896i1/4%0\n\n - The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n before 3.17 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-3139i1/4%0\n\n - An integer overflow vulnerability in\n ip6_find_1stfragopt() function was found. A local\n attacker that has privileges (of CAP_NET_RAW) to open\n raw socket can cause an infinite loop inside the\n ip6_find_1stfragopt() function.(CVE-2017-7542i1/4%0\n\n - Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel through 4.11.8 allows attackers to cause a\n denial of service (memory consumption) by triggering\n object-initialization failures.(CVE-2017-10810i1/4%0\n\n - The ping_recvmsg function in net/ipv4/ping.c in the\n Linux kernel before 3.12.4 does not properly interact\n with read system calls on ping sockets, which allows\n local users to cause a denial of service (NULL pointer\n dereference and system crash) by leveraging unspecified\n privileges to execute a crafted\n application.(CVE-2013-6432i1/4%0\n\n - The madvise_willneed function in the Linux kernel\n allows local users to cause a denial of service\n (infinite loop) by triggering use of MADVISE_WILLNEED\n for a DAX mapping.(CVE-2017-18208i1/4%0\n\n - An issue was discovered in the Linux kernel through\n 4.18.8. The vmacache_flush_all function in\n mm/vmacache.c mishandles sequence number overflows. An\n attacker can trigger a use-after-free (and possibly\n gain privileges) via certain thread creation, map,\n unmap, invalidation, and dereference\n operations.(CVE-2018-17182i1/4%0\n\n - The ieee80211_radiotap_iterator_init function in\n net/wireless/radiotap.c in the Linux kernel before\n 3.11.7 does not check whether a frame contains any data\n outside of the header, which might allow attackers to\n cause a denial of service (buffer over-read) via a\n crafted header.(CVE-2013-7027i1/4%0\n\n - The Btrfs implementation in the Linux kernel before\n 3.19 does not ensure that the visible xattr state is\n consistent with a requested replacement, which allows\n local users to bypass intended ACL settings and gain\n privileges via standard filesystem operations (1)\n during an xattr-replacement time window, related to a\n race condition, or (2) after an xattr-replacement\n attempt that fails because the data does not\n fit.(CVE-2014-9710i1/4%0\n\n - A flaw was found in the way the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation\n handled duplicate Address Configuration Change Chunks\n (ASCONF). A remote attacker could use either of these\n flaws to crash the system.(CVE-2014-3687i1/4%0\n\n - A syntax vulnerability was discovered in the kernel's\n ASN1.1 DER decoder, which could lead to memory\n corruption or a complete local denial of service\n through x509 certificate DER files. A local system user\n could use a specially created key file to trigger\n BUG_ON() in the public_key_verify_signature() function\n (crypto/asymmetric_keys/public_key.c), to cause a\n kernel panic and crash the system.(CVE-2016-2053i1/4%0\n\n - It was found that the Linux kernel's KVM subsystem did\n not handle the VM exits gracefully for the invept\n (Invalidate Translations Derived from EPT)\n instructions. On hosts with an Intel processor and\n invept VM exit support, an unprivileged guest user\n could use these instructions to crash the\n guest.(CVE-2014-3645i1/4%0\n\n - The packet_recvmsg function in net/packet/af_packet.c\n in the Linux kernel before 3.12.4 updates a certain\n length value before ensuring that an associated data\n structure has been initialized, which allows local\n users to obtain sensitive information from kernel\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call.(CVE-2013-7270i1/4%0\n\n - The init_new_context function in\n arch/x86/include/asm/mmu_context.h in the Linux kernel,\n before 4.12.10, does not correctly handle errors from\n LDT table allocation when forking a new process. This\n could allow a local attacker to achieve a\n use-after-free or possibly have unspecified other\n impact by running a specially crafted\n program.(CVE-2017-17053i1/4%0\n\n - It was found that the sanity_check_raw_super() function\n in 'fs/f2fs/super.c' file in the Linux kernel before\n version 4.12-rc1 does not validate the f2fs filesystem\n segment count. This allows an unprivileged local user\n to cause a system panic and DoS. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled\n out, although we believe it is\n unlikely.(CVE-2017-10662i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1526\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d79c113e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17182\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:56:35", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An integer overflow vulnerability was found in the\n ring_buffer_resize() calculations in which a privileged\n user can adjust the size of the ringbuffer message\n size. These calculations can create an issue where the\n kernel memory allocator will not allocate the correct\n count of pages yet expect them to be usable. This can\n lead to the ftrace() output to appear to corrupt kernel\n memory and possibly be used for privileged escalation\n or more likely kernel panic.(CVE-2016-9754)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption.(CVE-2016-9793)\n\n - A use-after-free vulnerability was found in ALSA pcm\n layer, which allows local users to cause a denial of\n service, memory corruption, or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9794)\n\n - A double free vulnerability was found in netlink_dump,\n which could cause a denial of service or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9806)\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n can use this issue to crash the\n system.(CVE-2017-1000111)\n\n - An exploitable memory corruption flaw was found in the\n Linux kernel. The append path can be erroneously\n switched from UFO to non-UFO in ip_ufo_append_data()\n when building an UFO packet with MSG_MORE option. If\n unprivileged user namespaces are available, this flaw\n can be exploited to gain root\n privileges.(CVE-2017-1000112)\n\n - A stack buffer overflow flaw was found in the way the\n Bluetooth subsystem of the Linux kernel processed\n pending L2CAP configuration responses from a client. On\n systems with the stack protection feature enabled in\n the kernel (CONFIG_CC_STACKPROTECTOR=y, which is\n enabled on all architectures other than s390x and\n ppc64le), an unauthenticated attacker able to initiate\n a connection to a system via Bluetooth could use this\n flaw to crash the system. Due to the nature of the\n stack protection feature, code execution cannot be\n fully ruled out, although we believe it is unlikely. On\n systems without the stack protection feature (ppc64le\n the Bluetooth modules are not built on s390x), an\n unauthenticated attacker able to initiate a connection\n to a system via Bluetooth could use this flaw to\n remotely execute arbitrary code on the system with ring\n 0 (kernel) privileges.(CVE-2017-1000251)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (i1/4z1024) index value.(CVE-2017-1000252)\n\n - A flaw was found in the way memory was being allocated\n on the stack for user space binaries. If heap (or\n different memory region) and stack memory regions were\n adjacent to each other, an attacker could use this flaw\n to jump over the stack guard gap, cause controlled\n memory corruption on process stack or the adjacent\n memory region, and thus increase their privileges on\n the system. This is a kernel-side mitigation which\n increases the stack guard gap size from one page to 1\n MiB to make successful exploitation of this issue more\n difficult.(CVE-2017-1000364)\n\n - The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY, but does not take the\n argument and environment pointers into account, which\n allows attackers to bypass this\n limitation.(CVE-2017-1000365)\n\n - The offset2lib patch as used in the Linux Kernel\n contains a vulnerability that allows a PIE binary to be\n execve()'ed with 1GB of arguments or environmental\n strings then the stack occupies the address 0x80000000\n and the PIE binary is mapped above 0x40000000\n nullifying the protection of the offset2lib patch. This\n affects Linux Kernel version 4.11.5 and earlier. This\n is a different issue than CVE-2017-1000371. This issue\n appears to be limited to i386 based\n systems.(CVE-2017-1000370)\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. Uninitialized stack variables can\n be sent to an attacker leaking data in kernel address\n space.(CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before\n version 4.11-rc1 in 'fs/timerfd.c' file which allows a\n local user to cause a kernel list corruption or\n use-after-free via simultaneous operations with a file\n descriptor which leverage improper 'might_cancel'\n queuing. An unprivileged local user could use this flaw\n to cause a denial of service of the system. Due to the\n nature of the flaw, privilege escalation cannot be\n fully ruled out, although we believe it is\n unlikely.(CVE-2017-10661)\n\n - Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel through 4.11.8 allows attackers to cause a\n denial of service (memory consumption) by triggering\n object-initialization failures.(CVE-2017-10810)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the\n system.(CVE-2017-11176)\n\n - Buffer overflow in the mp_override_legacy_irq()\n function in arch/x86/kernel/acpi/boot.c in the Linux\n kernel through 4.12.2 allows local users to gain\n privileges via a crafted ACPI table.(CVE-2017-11473)\n\n - The xfrm_migrate() function in the\n net/xfrm/xfrm_policy.c file in the Linux kernel built\n with CONFIG_XFRM_MIGRATE does not verify if the dir\n parameter is less than XFRM_POLICY_MAX. This allows a\n local attacker to cause a denial of service\n (out-of-bounds access) or possibly have unspecified\n other impact by sending a XFRM_MSG_MIGRATE netlink\n message. This flaw is present in the Linux kernel since\n an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up\n to 4.13-rc3.(CVE-2017-11600)\n\n - A security flaw was discovered in\n nl80211_set_rekey_data() function in the Linux kernel\n since v3.1-rc1 through v4.13. This function does not\n check whether the required attributes are present in a\n netlink request. This request can be issued by a user\n with CAP_NET_ADMIN privilege and may result in NULL\n dereference and a system crash.(CVE-2017-12153)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization (nVMX) feature\n enabled (nested=1), is vulnerable to a crash due to\n disabled external interrupts. As L2 guest could access\n (r/w) hardware CR8 register of the host(L0). In a\n nested visualization setup, L2 guest user could use\n this flaw to potentially crash the host(L0) resulting\n in DoS.(CVE-2017-12154)\n\n - The Linux kernel built with the KVM visualization\n support (CONFIG_KVM), with nested visualization(nVMX)\n feature enabled (nested=1), was vulnerable to a stack\n buffer overflow issue. The vulnerability could occur\n while traversing guest page table entries to resolve\n guest virtual address(gva). An L1 guest could use this\n flaw to crash the host kernel resulting in denial of\n service (DoS) or potentially execute arbitrary code on\n the host to gain privileges on the\n system.(CVE-2017-12188)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 8.0, "vector": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9806", "CVE-2017-11176", "CVE-2016-9794", "CVE-2016-9754", "CVE-2017-12188", "CVE-2017-1000111", "CVE-2016-9793", "CVE-2017-1000252", "CVE-2017-10810", "CVE-2017-11473", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-1000364", "CVE-2017-10911", "CVE-2017-1000410", "CVE-2017-1000370", "CVE-2017-12153", "CVE-2017-1000371", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "modified": "2019-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1498.NASL", "href": "https://www.tenable.com/plugins/nessus/124821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124821);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9754\",\n \"CVE-2016-9793\",\n \"CVE-2016-9794\",\n \"CVE-2016-9806\",\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\",\n \"CVE-2017-1000251\",\n \"CVE-2017-1000252\",\n \"CVE-2017-1000364\",\n \"CVE-2017-1000365\",\n \"CVE-2017-1000370\",\n \"CVE-2017-1000410\",\n \"CVE-2017-10661\",\n \"CVE-2017-10810\",\n \"CVE-2017-10911\",\n \"CVE-2017-11176\",\n \"CVE-2017-11473\",\n \"CVE-2017-11600\",\n \"CVE-2017-12153\",\n \"CVE-2017-12154\",\n \"CVE-2017-12188\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An integer overflow vulnerability was found in the\n ring_buffer_resize() calculations in which a privileged\n user can adjust the size of the ringbuffer message\n size. These calculations can create an issue where the\n kernel memory allocator will not allocate the correct\n count of pages yet expect them to be usable. This can\n lead to the ftrace() output to appear to corrupt kernel\n memory and possibly be used for privileged escalation\n or more likely kernel panic.(CVE-2016-9754)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption.(CVE-2016-9793)\n\n - A use-after-free vulnerability was found in ALSA pcm\n layer, which allows local users to cause a denial of\n service, memory corruption, or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9794)\n\n - A double free vulnerability was found in netlink_dump,\n which could cause a denial of service or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9806)\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n can use this issue to crash the\n system.(CVE-2017-1000111)\n\n - An exploitable memory corruption flaw was found in the\n Linux kernel. The append path can be erroneously\n switched from UFO to non-UFO in ip_ufo_append_data()\n when building an UFO packet with MSG_MORE option. If\n unprivileged user namespaces are available, this flaw\n can be exploited to gain root\n privileges.(CVE-2017-1000112)\n\n - A stack buffer overflow flaw was found in the way the\n Bluetooth subsystem of the Linux kernel processed\n pending L2CAP configuration responses from a client. On\n systems with the stack protection feature enabled in\n the kernel (CONFIG_CC_STACKPROTECTOR=y, which is\n enabled on all architectures other than s390x and\n ppc64le), an unauthenticated attacker able to initiate\n a connection to a system via Bluetooth could use this\n flaw to crash the system. Due to the nature of the\n stack protection feature, code execution cannot be\n fully ruled out, although we believe it is unlikely. On\n systems without the stack protection feature (ppc64le\n the Bluetooth modules are not built on s390x), an\n unauthenticated attacker able to initiate a connection\n to a system via Bluetooth could use this flaw to\n remotely execute arbitrary code on the system with ring\n 0 (kernel) privileges.(CVE-2017-1000251)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (i1/4z1024) index value.(CVE-2017-1000252)\n\n - A flaw was found in the way memory was being allocated\n on the stack for user space binaries. If heap (or\n different memory region) and stack memory regions were\n adjacent to each other, an attacker could use this flaw\n to jump over the stack guard gap, cause controlled\n memory corruption on process stack or the adjacent\n memory region, and thus increase their privileges on\n the system. This is a kernel-side mitigation which\n increases the stack guard gap size from one page to 1\n MiB to make successful exploitation of this issue more\n difficult.(CVE-2017-1000364)\n\n - The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY, but does not take the\n argument and environment pointers into account, which\n allows attackers to bypass this\n limitation.(CVE-2017-1000365)\n\n - The offset2lib patch as used in the Linux Kernel\n contains a vulnerability that allows a PIE binary to be\n execve()'ed with 1GB of arguments or environmental\n strings then the stack occupies the address 0x80000000\n and the PIE binary is mapped above 0x40000000\n nullifying the protection of the offset2lib patch. This\n affects Linux Kernel version 4.11.5 and earlier. This\n is a different issue than CVE-2017-1000371. This issue\n appears to be limited to i386 based\n systems.(CVE-2017-1000370)\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. Uninitialized stack variables can\n be sent to an attacker leaking data in kernel address\n space.(CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before\n version 4.11-rc1 in 'fs/timerfd.c' file which allows a\n local user to cause a kernel list corruption or\n use-after-free via simultaneous operations with a file\n descriptor which leverage improper 'might_cancel'\n queuing. An unprivileged local user could use this flaw\n to cause a denial of service of the system. Due to the\n nature of the flaw, privilege escalation cannot be\n fully ruled out, although we believe it is\n unlikely.(CVE-2017-10661)\n\n - Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel through 4.11.8 allows attackers to cause a\n denial of service (memory consumption) by triggering\n object-initialization failures.(CVE-2017-10810)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the\n system.(CVE-2017-11176)\n\n - Buffer overflow in the mp_override_legacy_irq()\n function in arch/x86/kernel/acpi/boot.c in the Linux\n kernel through 4.12.2 allows local users to gain\n privileges via a crafted ACPI table.(CVE-2017-11473)\n\n - The xfrm_migrate() function in the\n net/xfrm/xfrm_policy.c file in the Linux kernel built\n with CONFIG_XFRM_MIGRATE does not verify if the dir\n parameter is less than XFRM_POLICY_MAX. This allows a\n local attacker to cause a denial of service\n (out-of-bounds access) or possibly have unspecified\n other impact by sending a XFRM_MSG_MIGRATE netlink\n message. This flaw is present in the Linux kernel since\n an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up\n to 4.13-rc3.(CVE-2017-11600)\n\n - A security flaw was discovered in\n nl80211_set_rekey_data() function in the Linux kernel\n since v3.1-rc1 through v4.13. This function does not\n check whether the required attributes are present in a\n netlink request. This request can be issued by a user\n with CAP_NET_ADMIN privilege and may result in NULL\n dereference and a system crash.(CVE-2017-12153)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization (nVMX) feature\n enabled (nested=1), is vulnerable to a crash due to\n disabled external interrupts. As L2 guest could access\n (r/w) hardware CR8 register of the host(L0). In a\n nested visualization setup, L2 guest user could use\n this flaw to potentially crash the host(L0) resulting\n in DoS.(CVE-2017-12154)\n\n - The Linux kernel built with the KVM visualization\n support (CONFIG_KVM), with nested visualization(nVMX)\n feature enabled (nested=1), was vulnerable to a stack\n buffer overflow issue. The vulnerability could occur\n while traversing guest page table entries to resolve\n guest virtual address(gva). An L1 guest could use this\n flaw to crash the host kernel resulting in denial of\n service (DoS) or potentially execute arbitrary code on\n the host to gain privileges on the\n system.(CVE-2017-12188)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1498\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e495b75\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000251\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-05-29T11:10:03", "published": "2018-05-29T11:10:03", "id": "FEDORA:44065605602A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.11-100.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-05-11T17:46:05", "published": "2018-05-11T17:46:05", "id": "FEDORA:648496077DD1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.7-100.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-04-18T01:07:00", "published": "2018-04-18T01:07:00", "id": "FEDORA:6F1BC604D0C1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.15.17-200.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}
