{"cve": [{"lastseen": "2019-01-04T12:03:14", "bulletinFamily": "NVD", "description": "seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.", "modified": "2019-01-03T12:08:24", "published": "2014-05-08T06:55:05", "id": "CVE-2014-3215", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3215", "title": "CVE-2014-3215", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-09-26T17:22:52", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/500/sol16596.html", "id": "SOL16596", "title": "SOL16596 - Privilege escalation vulnerability CVE-2014-3215", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-02T14:30:29", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120446", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120446", "title": "Amazon Linux Local Check: ALAS-2015-543", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-543.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120446\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:36 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-543\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system.\");\n script_tag(name:\"solution\", value:\"Run yum update libcap-ng to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-543.html\");\n script_cve_id(\"CVE-2014-3215\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"libcap-ng-utils\", rpm:\"libcap-ng-utils~0.7.3~5.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libcap-ng-python\", rpm:\"libcap-ng-python~0.7.3~5.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libcap-ng-debuginfo\", rpm:\"libcap-ng-debuginfo~0.7.3~5.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libcap-ng\", rpm:\"libcap-ng~0.7.3~5.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"libcap-ng-devel\", rpm:\"libcap-ng-devel~0.7.3~5.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:39:37", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201412-44", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121330", "title": "Gentoo Security Advisory GLSA 201412-44", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-44.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121330\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:23 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-44\");\n script_tag(name:\"insight\", value:\"The seunshare utility is owned by root with 4755 permissions which can be exploited by a setuid system call.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-44\");\n script_cve_id(\"CVE-2014-3215\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-44\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"sys-apps/policycoreutils\", unaffected: make_list(\"ge 2.2.5-r4\"), vulnerable: make_list(\"lt 2.2.5-r4\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:31:24", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120445", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120445", "title": "Amazon Linux Local Check: ALAS-2015-544", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-544.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120445\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:35 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-544\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system.\");\n script_tag(name:\"solution\", value:\"Run yum clean all followed by yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-544.html\");\n script_cve_id(\"CVE-2014-3215\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kernel-tools-devel\", rpm:\"kernel-tools-devel~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.14.44~32.39.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:23:52", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3034", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123126", "title": "Oracle Linux Local Check: ELSA-2015-3034", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3034.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123126\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3034\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3034 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3034\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3034.html\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.4.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.4.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:23:54", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3033", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123125", "title": "Oracle Linux Local Check: ELSA-2015-3033", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3033.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123125\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:12 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3033\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3033 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3033\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3033.html\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.4.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.249.4.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:23:24", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-3032", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123124", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123124", "title": "Oracle Linux Local Check: ELSA-2015-3032", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3032.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123124\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:48:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3032\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3032 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3032\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3032.html\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.1.3.el7uek~0.4.3~4.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.1.3.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.1.3.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.1.3.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.1.3.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.1.3.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.1.3.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~68.1.3.el6uek~0.4.3~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~68.1.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~68.1.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~68.1.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~68.1.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~68.1.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~68.1.3.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:23:38", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-0864", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123129", "title": "Oracle Linux Local Check: ELSA-2015-0864", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0864.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123129\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0864\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0864 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0864\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0864.html\");\n script_cve_id(\"CVE-2014-3690\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-8884\", \"CVE-2015-1421\", \"CVE-2014-3215\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~504.16.2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:12", "bulletinFamily": "scanner", "description": "Check the version of kernel", "modified": "2017-07-10T00:00:00", "published": "2015-04-23T00:00:00", "id": "OPENVAS:1361412562310882174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882174", "title": "CentOS Update for kernel CESA-2015:0864 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2015:0864 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882174\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-23 07:33:49 +0200 (Thu, 23 Apr 2015)\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-3690\", \"CVE-2014-7825\", \"CVE-2014-7826\", \n \"CVE-2014-8171\", \"CVE-2014-8884\", \"CVE-2014-9529\", \"CVE-2014-9584\",\n \"CVE-2015-1421\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2015:0864 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the\n help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel packages contain the Linux\n kernel, the core of any Linux operating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"kernel on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0864\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021083.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~504.16.2.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:11:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-04-22T00:00:00", "id": "OPENVAS:1361412562310871358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871358", "title": "RedHat Update for kernel RHSA-2015:0864-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:0864-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871358\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:21:50 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-3690\", \"CVE-2014-7825\", \"CVE-2014-7826\",\n \"CVE-2014-8171\", \"CVE-2014-8884\", \"CVE-2014-9529\", \"CVE-2014-9584\",\n \"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:0864-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n * A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n * It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n * An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n * An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n * It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n * A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n * A stack-based buffer overflow flaw was found in the TechnoTrend/ ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0864-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-April/msg00052.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~504.16.2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:38", "bulletinFamily": "unix", "description": "### Background\n\npolicycoreutils is a collection of SELinux policy utilities.\n\n### Description\n\nThe seunshare utility is owned by root with 4755 permissions which can be exploited by a setuid system call. \n\n### Impact\n\nA local attacker may be able to gain escalated privileges.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll policycoreutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-apps/policycoreutils-2.2.5-r4\"", "modified": "2014-12-26T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-44", "href": "https://security.gentoo.org/glsa/201412-44", "type": "gentoo", "title": "policycoreutils: Privilege escalation", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:06", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum clean all_ followed by _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-tools-debuginfo-3.14.44-32.39.amzn1.i686 \n kernel-3.14.44-32.39.amzn1.i686 \n perf-debuginfo-3.14.44-32.39.amzn1.i686 \n kernel-tools-3.14.44-32.39.amzn1.i686 \n kernel-debuginfo-3.14.44-32.39.amzn1.i686 \n kernel-headers-3.14.44-32.39.amzn1.i686 \n kernel-debuginfo-common-i686-3.14.44-32.39.amzn1.i686 \n kernel-tools-devel-3.14.44-32.39.amzn1.i686 \n perf-3.14.44-32.39.amzn1.i686 \n kernel-devel-3.14.44-32.39.amzn1.i686 \n \n noarch: \n kernel-doc-3.14.44-32.39.amzn1.noarch \n \n src: \n kernel-3.14.44-32.39.amzn1.src \n \n x86_64: \n kernel-tools-3.14.44-32.39.amzn1.x86_64 \n kernel-debuginfo-3.14.44-32.39.amzn1.x86_64 \n kernel-3.14.44-32.39.amzn1.x86_64 \n kernel-headers-3.14.44-32.39.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-3.14.44-32.39.amzn1.x86_64 \n perf-3.14.44-32.39.amzn1.x86_64 \n kernel-devel-3.14.44-32.39.amzn1.x86_64 \n perf-debuginfo-3.14.44-32.39.amzn1.x86_64 \n kernel-tools-debuginfo-3.14.44-32.39.amzn1.x86_64 \n kernel-tools-devel-3.14.44-32.39.amzn1.x86_64 \n \n \n", "modified": "2015-06-16T11:42:00", "published": "2015-06-16T11:42:00", "id": "ALAS-2015-544", "href": "https://alas.aws.amazon.com/ALAS-2015-544.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:19", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system.\n\n \n**Affected Packages:** \n\n\nlibcap-ng\n\n \n**Issue Correction:** \nRun _yum update libcap-ng_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libcap-ng-utils-0.7.3-5.13.amzn1.i686 \n libcap-ng-python-0.7.3-5.13.amzn1.i686 \n libcap-ng-debuginfo-0.7.3-5.13.amzn1.i686 \n libcap-ng-0.7.3-5.13.amzn1.i686 \n libcap-ng-devel-0.7.3-5.13.amzn1.i686 \n \n src: \n libcap-ng-0.7.3-5.13.amzn1.src \n \n x86_64: \n libcap-ng-0.7.3-5.13.amzn1.x86_64 \n libcap-ng-debuginfo-0.7.3-5.13.amzn1.x86_64 \n libcap-ng-python-0.7.3-5.13.amzn1.x86_64 \n libcap-ng-devel-0.7.3-5.13.amzn1.x86_64 \n libcap-ng-utils-0.7.3-5.13.amzn1.x86_64 \n \n \n", "modified": "2015-06-16T11:41:00", "published": "2015-06-16T11:41:00", "id": "ALAS-2015-543", "href": "https://alas.aws.amazon.com/ALAS-2015-543.html", "title": "Medium: libcap-ng", "type": "amazon", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:21:44", "bulletinFamily": "scanner", "description": "A flaw was found in the way seunshare, a utility for running\nexecutables under a different security context, used the capng_lock\nfunctionality of the libcap-ng library. The subsequent invocation of\nsuid root binaries that relied on the fact that the setuid() system\ncall, among others, also sets the saved set-user-ID when dropping the\nbinaries' process privileges, could allow a local, unprivileged user\nto potentially escalate their privileges on the system.", "modified": "2018-04-18T00:00:00", "published": "2015-06-18T00:00:00", "id": "ALA_ALAS-2015-543.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84244", "title": "Amazon Linux AMI : libcap-ng (ALAS-2015-543)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-543.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84244);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3215\");\n script_xref(name:\"ALAS\", value:\"2015-543\");\n\n script_name(english:\"Amazon Linux AMI : libcap-ng (ALAS-2015-543)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way seunshare, a utility for running\nexecutables under a different security context, used the capng_lock\nfunctionality of the libcap-ng library. The subsequent invocation of\nsuid root binaries that relied on the fact that the setuid() system\ncall, among others, also sets the saved set-user-ID when dropping the\nbinaries' process privileges, could allow a local, unprivileged user\nto potentially escalate their privileges on the system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-543.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libcap-ng' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcap-ng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcap-ng-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcap-ng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcap-ng-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcap-ng-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libcap-ng-0.7.3-5.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcap-ng-debuginfo-0.7.3-5.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcap-ng-devel-0.7.3-5.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcap-ng-python-0.7.3-5.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcap-ng-utils-0.7.3-5.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcap-ng / libcap-ng-debuginfo / libcap-ng-devel / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:21:11", "bulletinFamily": "scanner", "description": "Updated libcap-ng packages fix security vulnerability :\n\ncapng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt\nto prevent regaining capabilities using setuid-root programs. This\nallows a user to run setuid programs, such as seunshare from\npolicycoreutils, as uid 0 but without capabilities, which is\npotentially dangerous (CVE-2014-3215).", "modified": "2018-07-19T00:00:00", "published": "2015-03-30T00:00:00", "id": "MANDRIVA_MDVSA-2015-156.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82409", "title": "Mandriva Linux Security Advisory : libcap-ng (MDVSA-2015:156)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:156. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82409);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-3215\");\n script_xref(name:\"MDVSA\", value:\"2015:156\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libcap-ng (MDVSA-2015:156)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libcap-ng packages fix security vulnerability :\n\ncapng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt\nto prevent regaining capabilities using setuid-root programs. This\nallows a user to run setuid programs, such as seunshare from\npolicycoreutils, as uid 0 but without capabilities, which is\npotentially dangerous (CVE-2014-3215).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0251.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cap-ng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cap-ng0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcap-ng-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-libcap-ng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64cap-ng-devel-0.7.3-4.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64cap-ng0-0.7.3-4.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"libcap-ng-utils-0.7.3-4.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"python-libcap-ng-0.7.3-4.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:26:05", "bulletinFamily": "scanner", "description": "libcap-ng was updated to fix one security issue. This security issue\nwas fixed :\n\n - CVE-2014-3215: seunshare in policycoreutils (which uses\n libcap-ng) is owned by root with 4755 permissions, and\n executes programs in a way that changes the relationship\n between the setuid system call and the getresuid saved\n set-user-ID value, which made it easier for local users\n to gain privileges by leveraging a program that\n mistakenly expected that it could permanently drop\n privileges (bsc#876832).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-30T00:00:00", "published": "2017-02-06T00:00:00", "id": "SUSE_SU-2017-0375-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=97014", "title": "SUSE SLES11 Security Update : libcap-ng (SUSE-SU-2017:0375-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0375-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97014);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/11/30 10:54:50\");\n\n script_cve_id(\"CVE-2014-3215\");\n script_bugtraq_id(67341);\n\n script_name(english:\"SUSE SLES11 Security Update : libcap-ng (SUSE-SU-2017:0375-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libcap-ng was updated to fix one security issue. This security issue\nwas fixed :\n\n - CVE-2014-3215: seunshare in policycoreutils (which uses\n libcap-ng) is owned by root with 4755 permissions, and\n executes programs in a way that changes the relationship\n between the setuid system call and the getresuid saved\n set-user-ID value, which made it easier for local users\n to gain privileges by leveraging a program that\n mistakenly expected that it could permanently drop\n privileges (bsc#876832).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=876832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3215/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170375-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6c26b7b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-libcap-ng-12965=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-libcap-ng-12965=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-libcap-ng-12965=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcap-ng-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcap-ng0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcap-ng0-32bit-0.6.3-1.9.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcap-ng0-32bit-0.6.3-1.9.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcap-ng-utils-0.6.3-1.9.6\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcap-ng0-0.6.3-1.9.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcap-ng\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:21:44", "bulletinFamily": "scanner", "description": "A flaw was found in the way seunshare, a utility for running\nexecutables under a different security context, used the capng_lock\nfunctionality of the libcap-ng library. The subsequent invocation of\nsuid root binaries that relied on the fact that the setuid() system\ncall, among others, also sets the saved set-user-ID when dropping the\nbinaries' process privileges, could allow a local, unprivileged user\nto potentially escalate their privileges on the system.", "modified": "2018-04-18T00:00:00", "published": "2015-06-18T00:00:00", "id": "ALA_ALAS-2015-544.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84245", "title": "Amazon Linux AMI : kernel (ALAS-2015-544)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-544.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84245);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3215\");\n script_xref(name:\"ALAS\", value:\"2015-544\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2015-544)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way seunshare, a utility for running\nexecutables under a different security context, used the capng_lock\nfunctionality of the libcap-ng library. The subsequent invocation of\nsuid root binaries that relied on the fact that the setuid() system\ncall, among others, also sets the saved set-user-ID when dropping the\nbinaries' process privileges, could allow a local, unprivileged user\nto potentially escalate their privileges on the system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-544.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum clean all' followed by 'yum update kernel' to update your\nsystem. You will need to reboot your system in order for the new\nkernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-3.14.44-32.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-3.14.44-32.39.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:18:32", "bulletinFamily": "scanner", "description": "Updated libcap-ng packages fix security vulnerability :\n\ncapng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt\nto prevent regaining capabilities using setuid-root programs. This\nallows a user to run setuid programs, such as seunshare from\npolicycoreutils, as uid 0 but without capabilities, which is\npotentially dangerous (CVE-2014-3215).", "modified": "2018-07-19T00:00:00", "published": "2014-06-11T00:00:00", "id": "MANDRIVA_MDVSA-2014-117.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74450", "title": "Mandriva Linux Security Advisory : libcap-ng (MDVSA-2014:117)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:117. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74450);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-3215\");\n script_bugtraq_id(67341);\n script_xref(name:\"MDVSA\", value:\"2014:117\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libcap-ng (MDVSA-2014:117)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libcap-ng packages fix security vulnerability :\n\ncapng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt\nto prevent regaining capabilities using setuid-root programs. This\nallows a user to run setuid programs, such as seunshare from\npolicycoreutils, as uid 0 but without capabilities, which is\npotentially dangerous (CVE-2014-3215).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0251.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cap-ng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cap-ng0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcap-ng-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-libcap-ng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64cap-ng-devel-0.6.6-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64cap-ng0-0.6.6-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"libcap-ng-utils-0.6.6-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-libcap-ng-0.6.6-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:20:32", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201412-44\n(policycoreutils: Privilege escalation)\n\n The seunshare utility is owned by root with 4755 permissions which can\n be exploited by a setuid system call.\nImpact :\n\n A local attacker may be able to gain escalated privileges.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2015-04-13T00:00:00", "published": "2014-12-29T00:00:00", "id": "GENTOO_GLSA-201412-44.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80265", "title": "GLSA-201412-44 : policycoreutils: Privilege escalation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-44.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80265);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:56 $\");\n\n script_cve_id(\"CVE-2014-3215\");\n script_bugtraq_id(67341);\n script_xref(name:\"GLSA\", value:\"201412-44\");\n\n script_name(english:\"GLSA-201412-44 : policycoreutils: Privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-44\n(policycoreutils: Privilege escalation)\n\n The seunshare utility is owned by root with 4755 permissions which can\n be exploited by a setuid system call.\n \nImpact :\n\n A local attacker may be able to gain escalated privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All policycoreutils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=sys-apps/policycoreutils-2.2.5-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/policycoreutils\", unaffected:make_list(\"ge 2.2.5-r4\"), vulnerable:make_list(\"lt 2.2.5-r4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:18:55", "bulletinFamily": "scanner", "description": "Besides other enhancements, this version update contains :\n\n - fix for CVE-2014-3215 (bnc#876832)\n\n - use PR_SET_NO_NEW_PRIVS to prevent gain of new\n privileges\n\n - added libcap-ng-CVE-2014-3215.patch", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2014-401.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75379", "title": "openSUSE Security Update : libcap-ng (openSUSE-SU-2014:0736-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-401.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75379);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-3215\");\n script_bugtraq_id(67341);\n\n script_name(english:\"openSUSE Security Update : libcap-ng (openSUSE-SU-2014:0736-1)\");\n script_summary(english:\"Check for the openSUSE-2014-401 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Besides other enhancements, this version update contains :\n\n - fix for CVE-2014-3215 (bnc#876832)\n\n - use PR_SET_NO_NEW_PRIVS to prevent gain of new\n privileges\n\n - added libcap-ng-CVE-2014-3215.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-05/msg00084.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libcap-ng packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcap-ng0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-capng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-capng-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcap-ng-debugsource-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcap-ng-devel-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcap-ng-python-debugsource-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcap-ng-utils-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcap-ng-utils-debuginfo-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcap-ng0-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcap-ng0-debuginfo-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-capng-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-capng-debuginfo-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libcap-ng0-32bit-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libcap-ng0-debuginfo-32bit-0.6.6-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcap-ng-debugsource-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcap-ng-devel-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcap-ng-python-debugsource-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcap-ng-utils-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcap-ng-utils-debuginfo-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcap-ng0-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcap-ng0-debuginfo-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-capng-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-capng-debuginfo-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libcap-ng0-32bit-0.7.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libcap-ng0-debuginfo-32bit-0.7.3-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcap-ng-python-debugsource / python-capng / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:21:23", "bulletinFamily": "scanner", "description": "Description of changes:\n\nkernel-uek\n[2.6.32-400.37.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}", "modified": "2015-12-01T00:00:00", "published": "2015-04-24T00:00:00", "id": "ORACLELINUX_ELSA-2015-3034.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83047", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3034)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3034.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83047);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:43:32 $\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[2.6.32-400.37.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005021.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.4.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.4.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.32-400.37.4.el5uek\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.37.4.el5uek-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mlnx_en-2.6.32-400.37.4.el5uekdebug-1.5.7-2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.37.4.el5uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ofa-2.6.32-400.37.4.el5uekdebug-1.5.1-4.0.58\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.32-400.37.4.el6uek\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.37.4.el6uek-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mlnx_en-2.6.32-400.37.4.el6uekdebug-1.5.7-0.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.37.4.el6uek-1.5.1-4.0.58\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ofa-2.6.32-400.37.4.el6uekdebug-1.5.1-4.0.58\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:21:23", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[2.6.39-400.249.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}", "modified": "2015-12-01T00:00:00", "published": "2015-04-24T00:00:00", "id": "ORACLELINUX_ELSA-2015-3033.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83046", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3033)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3033.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83046);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:43:32 $\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-9584\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3033)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.249.4.el6uek]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: \n20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. \n(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs \n(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/005019.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.249.4.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.249.4.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.249.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.249.4.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:21:24", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - isofs: Fix unchecked printing of ER records (Jan Kara)\n [Orabug: 20930551] (CVE-2014-9584)\n\n - KEYS: close race between key lookup and freeing (Sasha\n Levin) [Orabug: 20930548] (CVE-2014-9529)\n (CVE-2014-9529)\n\n - mm: memcg: do not allow task about to OOM kill to bypass\n the limit (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not declare OOM from __GFP_NOFAIL\n allocations (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - fs: buffer: move allocation failure loop into the\n allocator (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: handle non-error OOM situations more\n gracefully (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not trap chargers with full callstack on\n OOM (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: rework and document OOM waiting and wakeup\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: enable memcg OOM killer only for user faults\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - x86: finish user fault error path with fatal signal\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - arch: mm: pass userspace fault flag to generic fault\n handler (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - selinux: Permit bounded transitions under NO_NEW_PRIVS\n or NOSUID. (Stephen Smalley) [Orabug: 20930501]\n (CVE-2014-3215)", "modified": "2018-07-24T00:00:00", "published": "2015-04-28T00:00:00", "id": "ORACLEVM_OVMSA-2015-0056.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83108", "title": "OracleVM 3.3 : kernel-uek (OVMSA-2015-0056)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0056.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83108);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8171\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(67341, 71880, 71883, 74293);\n\n script_name(english:\"OracleVM 3.3 : kernel-uek (OVMSA-2015-0056)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - isofs: Fix unchecked printing of ER records (Jan Kara)\n [Orabug: 20930551] (CVE-2014-9584)\n\n - KEYS: close race between key lookup and freeing (Sasha\n Levin) [Orabug: 20930548] (CVE-2014-9529)\n (CVE-2014-9529)\n\n - mm: memcg: do not allow task about to OOM kill to bypass\n the limit (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not declare OOM from __GFP_NOFAIL\n allocations (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - fs: buffer: move allocation failure loop into the\n allocator (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: handle non-error OOM situations more\n gracefully (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - mm: memcg: do not trap chargers with full callstack on\n OOM (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: rework and document OOM waiting and wakeup\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - mm: memcg: enable memcg OOM killer only for user faults\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - x86: finish user fault error path with fatal signal\n (Johannes Weiner) [Orabug: 20930539] (CVE-2014-8171)\n\n - arch: mm: pass userspace fault flag to generic fault\n handler (Johannes Weiner) [Orabug: 20930539]\n (CVE-2014-8171)\n\n - selinux: Permit bounded transitions under NO_NEW_PRIVS\n or NOSUID. (Stephen Smalley) [Orabug: 20930501]\n (CVE-2014-3215)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-April/000307.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1c84d76\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-68.1.3.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-68.1.3.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nWe think there should be a CVE ID for the combination of these two\r\nobservations:\r\n\r\n1. seunshare is intended to be setuid root (see the\r\nhttp://userspace.selinuxproject.org/trac/browser/policycoreutils/sandbox/Makefile\r\nfile)\r\n\r\n2. dropping privileges no longer makes the traditional change to the\r\nsaved set-user-ID, as shown by the getresuid example in the\r\nhttp://openwall.com/lists/oss-security/2014/04/30/4 post\r\n\r\nUse CVE-2014-3215.\r\n\r\nThis message obviously isn't intended to contribute to the technical\r\ndiscussion of how the design of seunshare and other software led to\r\nthis state. Also, nobody has sent MITRE's cve-assign team a PoC in\r\nwhich running seunshare contributes to a privilege escalation.\r\nCVE-2014-3215 might be considered an "exposure." Essentially, running\r\nseunshare is a way to bypass a potentially important protection\r\nmechanism, and that wasn't a documented effect of installing\r\nseunshare.\r\n\r\n- -- \r\nCVE assignment team, MITRE CVE Numbering Authority\r\nM/S M300\r\n202 Burlington Road, Bedford, MA 01730 USA\r\n[ PGP key available through http://cve.mitre.org/cve/request_id.html ]\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.14 (SunOS)\r\n\r\niQEcBAEBAgAGBQJTaviCAAoJEKllVAevmvmsfkQH/21wa2jxXCFiCe8YorCTcQuk\r\nXmoAgLF4bBNpP8ws8gtdHBWt5mQdo51+pZ9xAWc0og2+cqPCQZTnndookDKkbMSM\r\nTMeI23USLjEqMLnBYBAy5WDwyFcCToBBiCDXpO6KGdLBwJ6A9EudJkUcU2R63jD5\r\nwT84zak6hiGYJGnRxTlKxboMzVIFXlnWmYxm+cA7B9iGBV8bAZU/xOi9z0C2a13h\r\nZZYitwxwMvtpcQJZtf6iSxix4lH1RIeJmbFY5X8CTgQzpVEjCaW3GH/vpTX5ZpcJ\r\nK2pxzuVIUhbxVapPmy4mYnhus78WVwOveydO7jdEk9yh9wnUZUte4ihizxJsxZU=\r\n=P4Px\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "SECURITYVULNS:DOC:30741", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30741", "title": "[oss-security] Re: local privilege escalation due to capng_lock as used in seunshare", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:59", "bulletinFamily": "unix", "description": "[2.6.39-400.249.4]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3033", "href": "http://linux.oracle.com/errata/ELSA-2015-3033.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:02", "bulletinFamily": "unix", "description": "kernel-uek\n[2.6.32-400.37.4]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930553] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3034", "href": "http://linux.oracle.com/errata/ELSA-2015-3034.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:49:29", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-68.1.3]\n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}\n- KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n- mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}", "modified": "2015-04-23T00:00:00", "published": "2015-04-23T00:00:00", "id": "ELSA-2015-3032", "href": "http://linux.oracle.com/errata/ELSA-2015-3032.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:22", "bulletinFamily": "unix", "description": "[2.6.39-400.250.2]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}\n[2.6.39-400.250.1]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20727114] \n- Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low.' (Chad Dupuis) [Orabug: 20657415] \n- x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618759] \n- sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] \n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}\n- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}\n- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-3036", "href": "http://linux.oracle.com/errata/ELSA-2015-3036.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:42:12", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-68.2.2]\n- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077385] {CVE-2015-3331}\n[3.8.13-68.2.1]\n- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150}\n- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20860817] \n- Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697] \n- net/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- net/core/flow.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- mm, vmstat: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- trace, ring-buffer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- hwmon, via-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- hwmon, coretemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- octeon, watchdog: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- oprofile, nmi-timer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- intel-idle: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- drivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- acpi-cpufreq: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, fcoe: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- scsi, bnx2i: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm64, debug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm64, hw_breakpoint.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, kvm: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, pci, amd-bus: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, hpet: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, amd, ibs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, therm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, mce: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, intel, uncore: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, cpuid: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- x86, msr: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- powerpc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- sparc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- s390, smp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- s390, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- arm, hw-breakpoint: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, err-inject: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, topology: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- ia64, palinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- CPU hotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] \n- CPU hotplug: Provide lockless versions of callback registration functions (Srivatsa S. Bhat) [Orabug: 20917697] \n- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584}\n- KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}\n- mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}\n- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}\n- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159}", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-3035", "href": "http://linux.oracle.com/errata/ELSA-2015-3035.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:47", "bulletinFamily": "unix", "description": "[2.6.32-504.16.2]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}\n[2.6.32-504.16.1]\n- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559]\n- [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529}\n- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421}\n- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559]\n- [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334]\n- [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) [1196313 1143013]\n- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395]\n- [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395]\n- [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314]\n- [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115]\n- [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690}\n- [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584}\n- [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763]\n- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884}\n- [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825}\n- [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831]\n- [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831]\n- [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: don't restart our thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: make delayed tasks not hold up everything (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Add a helper to restart the multicast task (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) [1192055 1116398]\n- [s390] kernel: fix cpu target address of directed yield (Hendrik Brueckner) [1188339 1180061]\n- [mm] memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [fs] buffer: move allocation failure loop into the allocator (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [x86] mm: finish user fault error path with fatal signal (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] pass userspace fault flag to generic fault handler (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [powerpc] mm: remove obsolete init OOM protection (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [powerpc] mm: invoke oom-killer from remaining unconverted page fault handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}\n- [security] Add PR_\n_NO_NEW_PRIVS to prevent execve from granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}\n[2.6.32-504.15.1]\n- [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1196312 1156061]\n- [pci] Make FLR and AF FLR reset warning messages different (Myron Stowe) [1192365 1184540]\n- [pci] Fix unaligned access in AF transaction pending test (Myron Stowe) [1192365 1184540]\n- [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540]\n- [pci] Wrong register used to check pending traffic (Myron Stowe) [1192365 1184540]\n- [pci] Add pci_wait_for_pending() -- refactor pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]\n- [pci] Use pci_wait_for_pending_transaction() instead of for loop (Myron Stowe) [1192365 1184540]\n- [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]\n- [pci] Wait for pending transactions to complete before 82599 FLR (Myron Stowe) [1192365 1184540]\n- [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) [1196532 1174168]\n[2.6.32-504.14.1]\n- [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1191916 1172137]\n- [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream (Jerry Snitselaar) [1192105 1167059]\n- [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) [1192105 1167059]\n- [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) [1192105 1167059]\n- [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1192107 1167405]\n- [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry Woodman) [1192107 1167405]\n[2.6.32-504.13.1]\n- [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505]\n- [scsi] Revert 'fix our current target reap infrastructure' (David Milburn) [1188941 1168072]\n- [scsi] Revert 'dual scan thread bug fix' (David Milburn) [1188941 1168072]\n- [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) [1188838 1156289]\n- [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) [1188838 1156289]\n- [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander Duyck) [1188838 1156289]\n- [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) [1188838 1156289]\n- [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289]\n- [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289]\n- [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) [1188838 1156289]", "modified": "2015-04-21T00:00:00", "published": "2015-04-21T00:00:00", "id": "ELSA-2015-0864", "href": "http://linux.oracle.com/errata/ELSA-2015-0864.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:57", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "modified": "2018-06-06T20:24:17", "published": "2015-04-21T04:00:00", "id": "RHSA-2015:0864", "href": "https://access.redhat.com/errata/RHSA-2015:0864", "type": "redhat", "title": "(RHSA-2015:0864) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:27:02", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0864\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021083.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0864.html", "modified": "2015-04-22T09:51:52", "published": "2015-04-22T09:51:52", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021083.html", "id": "CESA-2015:0864", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}