DATABASE RESOURCES PRICING ABOUT US

{"id": "USN-1269-1", "vendorId": null, "type": "ubuntu", "bulletinFamily": "unix", "title": "Linux kernel (EC2) vulnerabilities", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * linux-ec2 \\- Linux kernel for EC2\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly \nhandled unlock requests. A local attacker could exploit this to cause a \ndenial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. \nA local attacker could exploit this to crash the system, leading to a \ndenial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID \nlengths. A local attacker could exploit this to cause a denial of service \nor gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being \nincorrectly handled. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-2525)\n", "published": "2011-11-21T00:00:00", "modified": "2011-11-21T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://ubuntu.com/security/notices/USN-1269-1", "reporter": "Ubuntu", "references": ["/security/CVE-2011-2491", "/security/CVE-2011-2525", "/security/CVE-2011-2517", "/security/CVE-2011-2496"], "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"], "immutableFields": [], "lastseen": "2023-01-26T13:38:07", "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2011:1065", "CESA-2011:1212", "CESA-2011:1386"]}, {"type": "cve", "idList": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2303-1:FAE10", "DEBIAN:DSA-2303-2:A9DDE", "DEBIAN:DSA-2310-1:3E5BE"]}, {"type": "fedora", "idList": ["FEDORA:5FADF110BC4", "FEDORA:6F955210EC", "FEDORA:8785411086D", "FEDORA:ACEFF2102F", "FEDORA:BCC0720E13", "FEDORA:CAA68215A9"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2011-1065.NASL", "CENTOS_RHSA-2011-1212.NASL", "CENTOS_RHSA-2011-1386.NASL", "DEBIAN_DSA-2303.NASL", "DEBIAN_DSA-2310.NASL", "FEDORA_2011-11103.NASL", "FEDORA_2011-9130.NASL", "OPENSUSE-2012-342.NASL", "OPENSUSE-2012-756.NASL", "ORACLELINUX_ELSA-2011-1189.NASL", "ORACLELINUX_ELSA-2011-1212.NASL", "ORACLELINUX_ELSA-2011-1350.NASL", "ORACLELINUX_ELSA-2011-1386.NASL", "ORACLELINUX_ELSA-2011-2025.NASL", "ORACLELINUX_ELSA-2011-2029.NASL", "ORACLELINUX_ELSA-2011-2037.NASL", "ORACLEVM_OVMSA-2013-0039.NASL", "REDHAT-RHSA-2011-1065.NASL", "REDHAT-RHSA-2011-1090.NASL", "REDHAT-RHSA-2011-1163.NASL", "REDHAT-RHSA-2011-1189.NASL", "REDHAT-RHSA-2011-1212.NASL", "REDHAT-RHSA-2011-1253.NASL", "REDHAT-RHSA-2011-1350.NASL", "REDHAT-RHSA-2011-1386.NASL", "REDHAT-RHSA-2011-1408.NASL", "REDHAT-RHSA-2011-1813.NASL", "SL_20110823_KERNEL_ON_SL6_X.NASL", "SL_20110906_KERNEL_ON_SL5_X.NASL", "SL_20111005_KERNEL_ON_SL6_X.NASL", "SL_20111020_KERNEL_ON_SL5_X.NASL", "SUSE_11_3_KERNEL-110726.NASL", "SUSE_11_3_KERNEL-120104.NASL", "SUSE_11_4_KERNEL-110726.NASL", "SUSE_11_KERNEL-110718.NASL", "SUSE_KERNEL-7665.NASL", "SUSE_KERNEL-7666.NASL", "SUSE_KERNEL-7729.NASL", "SUSE_KERNEL-7734.NASL", "SUSE_KERNEL-7915.NASL", "SUSE_KERNEL-7918.NASL", "SUSE_SU-2013-1832-1.NASL", "UBUNTU_USN-1167-1.NASL", "UBUNTU_USN-1241-1.NASL", "UBUNTU_USN-1244-1.NASL", "UBUNTU_USN-1256-1.NASL", "UBUNTU_USN-1268-1.NASL", "UBUNTU_USN-1269-1.NASL", "UBUNTU_USN-1271-1.NASL", "UBUNTU_USN-1272-1.NASL", "UBUNTU_USN-1274-1.NASL", "UBUNTU_USN-1278-1.NASL", "UBUNTU_USN-1279-1.NASL", "UBUNTU_USN-1280-1.NASL", "UBUNTU_USN-1281-1.NASL", "UBUNTU_USN-1285-1.NASL", "UBUNTU_USN-1286-1.NASL", "VMWARE_VMSA-2012-0001.NASL", "VMWARE_VMSA-2012-0001_REMOTE.NASL", "VMWARE_VMSA-2012-0013.NASL", "VMWARE_VMSA-2012-0013_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103448", "OPENVAS:103558", "OPENVAS:1361412562310103448", "OPENVAS:1361412562310103558", "OPENVAS:1361412562310122029", "OPENVAS:1361412562310122066", "OPENVAS:1361412562310122075", "OPENVAS:1361412562310122078", "OPENVAS:1361412562310122091", "OPENVAS:1361412562310122102", "OPENVAS:1361412562310122103", "OPENVAS:1361412562310122122", "OPENVAS:1361412562310840787", "OPENVAS:1361412562310840790", "OPENVAS:1361412562310840802", "OPENVAS:1361412562310840811", "OPENVAS:1361412562310840812", "OPENVAS:1361412562310840813", "OPENVAS:1361412562310840814", "OPENVAS:1361412562310840816", "OPENVAS:1361412562310840818", "OPENVAS:1361412562310840819", "OPENVAS:1361412562310840821", "OPENVAS:1361412562310840823", "OPENVAS:1361412562310840826", "OPENVAS:1361412562310840828", "OPENVAS:1361412562310850253", "OPENVAS:1361412562310863356", "OPENVAS:1361412562310863447", "OPENVAS:1361412562310863571", "OPENVAS:1361412562310863604", "OPENVAS:1361412562310863606", "OPENVAS:1361412562310863647", "OPENVAS:1361412562310870454", "OPENVAS:1361412562310870470", "OPENVAS:1361412562310870482", "OPENVAS:1361412562310870504", "OPENVAS:1361412562310870628", "OPENVAS:1361412562310870646", "OPENVAS:1361412562310880988", "OPENVAS:1361412562310880995", "OPENVAS:1361412562310881021", "OPENVAS:1361412562310881313", "OPENVAS:1361412562310881406", "OPENVAS:1361412562310881451", "OPENVAS:840787", "OPENVAS:840790", "OPENVAS:840802", "OPENVAS:840811", "OPENVAS:840812", "OPENVAS:840813", "OPENVAS:840814", "OPENVAS:840816", "OPENVAS:840818", "OPENVAS:840819", "OPENVAS:840821", "OPENVAS:840823", "OPENVAS:840826", "OPENVAS:840828", "OPENVAS:850253", "OPENVAS:863356", "OPENVAS:863447", "OPENVAS:863571", "OPENVAS:863604", "OPENVAS:863606", "OPENVAS:863647", "OPENVAS:870454", "OPENVAS:870470", "OPENVAS:870482", "OPENVAS:870504", "OPENVAS:870628", "OPENVAS:870646", "OPENVAS:880988", "OPENVAS:880995", "OPENVAS:881021", "OPENVAS:881313", "OPENVAS:881406", "OPENVAS:881451"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1065", "ELSA-2011-1189", "ELSA-2011-1212", "ELSA-2011-1350", "ELSA-2011-1386", "ELSA-2011-2025", "ELSA-2011-2029", "ELSA-2011-2037", "ELSA-2012-0150"]}, {"type": "osv", "idList": ["OSV:DSA-2303-1", "OSV:DSA-2310-1"]}, {"type": "redhat", "idList": ["RHSA-2011:1065", "RHSA-2011:1090", "RHSA-2011:1163", "RHSA-2011:1189", "RHSA-2011:1212", "RHSA-2011:1253", "RHSA-2011:1350", "RHSA-2011:1386", "RHSA-2011:1408", "RHSA-2011:1813"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27006", "SECURITYVULNS:DOC:27375", "SECURITYVULNS:DOC:27376", "SECURITYVULNS:VULN:12057"]}, {"type": "seebug", "idList": ["SSV:20865"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0206-1", "SUSE-SA:2011:031", "SUSE-SA:2011:034", "SUSE-SA:2011:040", "SUSE-SU-2011:0832-1", "SUSE-SU-2011:0899-1", "SUSE-SU-2011:1058-1"]}, {"type": "ubuntu", "idList": ["USN-1167-1", "USN-1241-1", "USN-1244-1", "USN-1256-1", "USN-1268-1", "USN-1271-1", "USN-1272-1", "USN-1274-1", "USN-1278-1", "USN-1279-1", "USN-1280-1", "USN-1281-1", "USN-1285-1", "USN-1286-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-2491", "UB:CVE-2011-2496", "UB:CVE-2011-2517", "UB:CVE-2011-2525"]}, {"type": "veracode", "idList": ["VERACODE:24671", "VERACODE:24673", "VERACODE:24695"]}, {"type": "vmware", "idList": ["VMSA-2012-0001", "VMSA-2012-0001.2", "VMSA-2012-0013", "VMSA-2012-0013.2"]}]}, "score": {"value": 2.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2011:1065", "CESA-2011:1212", "CESA-2011:1386"]}, {"type": "cve", "idList": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2310-1:3E5BE"]}, {"type": "fedora", "idList": ["FEDORA:6F955210EC"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2011-2025.NASL", "ORACLEVM_OVMSA-2013-0039.NASL", "UBUNTU_USN-1269-1.NASL", "UBUNTU_USN-1286-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310840787", "OPENVAS:1361412562310863447", "OPENVAS:840811", "OPENVAS:840814", "OPENVAS:881451"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1065", "ELSA-2011-1189", "ELSA-2011-1212", "ELSA-2011-1350", "ELSA-2011-2025", "ELSA-2011-2029", "ELSA-2011-2037", "ELSA-2012-0150"]}, {"type": "redhat", "idList": ["RHSA-2011:1065", "RHSA-2011:1163", "RHSA-2011:1189", "RHSA-2011:1212", "RHSA-2011:1350", "RHSA-2011:1813"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27376"]}, {"type": "seebug", "idList": ["SSV:20865"]}, {"type": "suse", "idList": ["SUSE-SU-2011:1058-1"]}, {"type": "ubuntu", "idList": ["USN-1244-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-2517"]}, {"type": "vmware", "idList": ["VMSA-2012-0001"]}]}, "exploitation": null, "vulnersScore": 2.4}, "_state": {"dependencies": 1674740373, "score": 1674740503}, "_internal": {"score_hash": "8ea760e6862a8e88180f02721d29ed12"}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "packageVersion": "2.6.32-340.40", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-image-2.6.32-340-ec2"}]}

{"nessus": [{"lastseen": "2023-01-11T14:38:33", "description": "Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1274-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"], "modified": "2014-01-27T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1274-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56916", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1274-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56916);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/01/27 00:51:26 $\");\n\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_bugtraq_id(48538, 48641);\n script_xref(name:\"USN\", value:\"1274-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1274-1)\");\n script_summary(english:\"Checks dpkg output for updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6.32-420-dove package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/Ubuntu/release\") ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.32-420-dove\", pkgver:\"2.6.32-420.38\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:11", "description": "Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1269-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1269-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1269-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56943);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_bugtraq_id(48641);\n script_xref(name:\"USN\", value:\"1269-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1269-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1269-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1269-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-340-ec2\", pkgver:\"2.6.32-340.40\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:49", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux vulnerabilities (USN-1272-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1272-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1272-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56914);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_bugtraq_id(48101, 48538);\n script_xref(name:\"USN\", value:\"1272-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux vulnerabilities (USN-1272-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1272-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1272-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-generic\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-generic-pae\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-server\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-versatile\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-virtual\", pkgver:\"2.6.35-31.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:12", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1278-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1278-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1278-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56946);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_bugtraq_id(47381);\n script_xref(name:\"USN\", value:\"1278-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1278-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1278-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1278-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-generic\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-generic-pae\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-server\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-virtual\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:55", "description": "Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-12-05T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1286-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1286-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57005);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_bugtraq_id(47321, 48538, 48641, 49141, 50366, 50370, 50663, 50750, 50751);\n script_xref(name:\"USN\", value:\"1286-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1286-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1286-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-386\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-generic\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-generic-pae\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-lpia\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-preempt\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-server\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-versatile\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-virtual\", pkgver:\"2.6.32-36.79\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:23", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS : linux vulnerabilities (USN-1268-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3209"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1268-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56911", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1268-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56911);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n script_bugtraq_id(47852, 47853, 48641, 50311);\n script_xref(name:\"USN\", value:\"1268-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS : linux vulnerabilities (USN-1268-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ip_gre\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ipip\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock\nimplementation. A local unprivileged attacker could exploit this\ncausing a denial of service. (CVE-2011-3209).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1268-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1268-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-386\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-generic\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-lpia\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-lpiacompat\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-openvz\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-rt\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-server\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-virtual\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-xen\", pkgver:\"2.6.24-30.96\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:02", "description": "Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on '/dev/zero' was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-2479)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "USN-1281-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2183", "CVE-2011-2479", "CVE-2011-2491", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-3363"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1281-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56949", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1281-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56949);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2479\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-3363\");\n script_xref(name:\"USN\", value:\"1281-1\");\n\n script_name(english:\"USN-1281-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Andrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-2183)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on\n'/dev/zero' was incorrectly handled. A local attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2011-2479)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for\nconfiguration files in the current directory. If a privileged user\nwere tricked into running perf in a directory containing a malicious\nconfiguration file, an attacker could run arbitrary commands and\npossibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1281-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-1209-omap4\", pkgver:\"2.6.38-1209.17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:51", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2011-2482, Important)\n\n* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Buffer overflow flaws in the Linux kernel's netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)\n\n* An off-by-one flaw was found in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems.\nA privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2011:1212)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2901"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1212.NASL", "href": "https://www.tenable.com/plugins/nessus/56271", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1212 and \n# CentOS Errata and Security Advisory 2011:1212 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56271);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_bugtraq_id(48538, 49141, 49370, 49373, 49375, 49408);\n script_xref(name:\"RHSA\", value:\"2011:1212\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:1212)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the Linux kernel's\nStream Control Transmission Protocol (SCTP) implementation. A remote\nattacker could send a specially crafted SCTP packet to a target\nsystem, resulting in a denial of service. (CVE-2011-2482, Important)\n\n* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\nimplementation could allow a local, unprivileged user to cause a\ndenial of service. (CVE-2011-2491, Important)\n\n* Buffer overflow flaws in the Linux kernel's netlink-based wireless\nconfiguration interface implementation could allow a local user, who\nhas the CAP_NET_ADMIN capability, to cause a denial of service or\nescalate their privileges on systems that have an active wireless\ninterface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor\nimplementation emulated the SAHF instruction. When using a\nfully-virtualized guest on a host that does not use hardware assisted\npaging (HAP), such as those running CPUs that do not have support for\n(or those that have it disabled) Intel Extended Page Tables (EPT) or\nAMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a\nprivileged guest user could trigger this flaw to cause the hypervisor\nto crash. (CVE-2011-2519, Moderate)\n\n* An off-by-one flaw was found in the __addr_ok() macro in the Linux\nkernel's Xen hypervisor implementation when running on 64-bit systems.\nA privileged guest user could trigger this flaw to cause the\nhypervisor to crash. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491,\nand Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017862.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f2fb007\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017863.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad5bb9a9\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000308.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9cba94d\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000309.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73aff1cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-274.3.1.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:35:47", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2011-2482, Important)\n\n* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Buffer overflow flaws in the Linux kernel's netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)\n\n* An off-by-one flaw was found in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems.\nA privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-09-07T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1212)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2901"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1212.NASL", "href": "https://www.tenable.com/plugins/nessus/56110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1212. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56110);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_bugtraq_id(48538, 49141, 49370, 49373, 49375, 49408);\n script_xref(name:\"RHSA\", value:\"2011:1212\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1212)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the Linux kernel's\nStream Control Transmission Protocol (SCTP) implementation. A remote\nattacker could send a specially crafted SCTP packet to a target\nsystem, resulting in a denial of service. (CVE-2011-2482, Important)\n\n* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\nimplementation could allow a local, unprivileged user to cause a\ndenial of service. (CVE-2011-2491, Important)\n\n* Buffer overflow flaws in the Linux kernel's netlink-based wireless\nconfiguration interface implementation could allow a local user, who\nhas the CAP_NET_ADMIN capability, to cause a denial of service or\nescalate their privileges on systems that have an active wireless\ninterface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor\nimplementation emulated the SAHF instruction. When using a\nfully-virtualized guest on a host that does not use hardware assisted\npaging (HAP), such as those running CPUs that do not have support for\n(or those that have it disabled) Intel Extended Page Tables (EPT) or\nAMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a\nprivileged guest user could trigger this flaw to cause the hypervisor\nto crash. (CVE-2011-2519, Moderate)\n\n* An off-by-one flaw was found in the __addr_ok() macro in the Linux\nkernel's Xen hypervisor implementation when running on 64-bit systems.\nA privileged guest user could trigger this flaw to cause the\nhypervisor to crash. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491,\nand Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2901\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1212\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1212\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1212\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-274.3.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:37:00", "description": "Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages contain the Linux kernel.\n\nThis update fixes the following security issues :\n\n* A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service by sending a specially crafted SCTP packet to a target system.\n(CVE-2011-2482, Important)\n\nIf you do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following to the end of the '/etc/modprobe.d/blacklist.conf' file :\n\nblacklist sctp\n\nThis way, the sctp module cannot be loaded accidentally, which may occur if an application that requires SCTP is started. A reboot is not necessary for this change to take effect.\n\n* A flaw in the client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service.\n(CVE-2011-2491, Important)\n\n* Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)\n\n* A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems could allow a privileged guest user to crash the hypervisor. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes the following bugs :\n\n* On Broadcom PCI cards that use the tg3 driver, the operational state of a network device, represented by the value in '/sys/class/net/ethX/operstate', was not initialized by default.\nConsequently, the state was reported as 'unknown' when the tg3 network device was actually in the 'up' state. This update modifies the tg3 driver to properly set the operstate value. (BZ#744699)\n\n* A KVM (Kernel-based Virtual Machine) guest can get preempted by the host, when a higher priority process needs to run. When a guest is not running for several timer interrupts in a row, ticks could be lost, resulting in the jiffies timer advancing slower than expected and timeouts taking longer than expected. To correct for the issue of lost ticks, do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when running as a KVM guest) to see if timer interrupts have been missed. If so, jiffies is incremented by the number of missed timer interrupts, ensuring that programs are woken up on time.\n(BZ#747874)\n\n* When a block device object was allocated, the bd_super field was not being explicitly initialized to NULL. Previously, users of the block device object could set bd_super to NULL when the object was released by calling the kill_block_super() function. Certain third-party file systems do not always use this function, and bd_super could therefore become uninitialized when the object was allocated again. This could cause a kernel panic in the blkdev_releasepage() function, when the uninitialized bd_super field was dereferenced. Now, bd_super is properly initialized in the bdget() function, and the kernel panic no longer occurs. (BZ#751137)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1813)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2901"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-1813.NASL", "href": "https://www.tenable.com/plugins/nessus/64015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1813. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64015);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_bugtraq_id(48538, 49141, 49370, 49373, 49375, 49408);\n script_xref(name:\"RHSA\", value:\"2011:1813\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1813)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and various\nbugs are now available for Red Hat Enterprise Linux 5.6 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages contain the Linux kernel.\n\nThis update fixes the following security issues :\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice by sending a specially crafted SCTP packet to a target system.\n(CVE-2011-2482, Important)\n\nIf you do not run applications that use SCTP, you can prevent the sctp\nmodule from being loaded by adding the following to the end of the\n'/etc/modprobe.d/blacklist.conf' file :\n\nblacklist sctp\n\nThis way, the sctp module cannot be loaded accidentally, which may\noccur if an application that requires SCTP is started. A reboot is not\nnecessary for this change to take effect.\n\n* A flaw in the client-side NFS Lock Manager (NLM) implementation\ncould allow a local, unprivileged user to cause a denial of service.\n(CVE-2011-2491, Important)\n\n* Flaws in the netlink-based wireless configuration interface could\nallow a local user, who has the CAP_NET_ADMIN capability, to cause a\ndenial of service or escalate their privileges on systems that have an\nactive wireless interface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor\nimplementation emulated the SAHF instruction. When using a\nfully-virtualized guest on a host that does not use hardware assisted\npaging (HAP), such as those running CPUs that do not have support for\n(or those that have it disabled) Intel Extended Page Tables (EPT) or\nAMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a\nprivileged guest user could trigger this flaw to cause the hypervisor\nto crash. (CVE-2011-2519, Moderate)\n\n* A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor\nimplementation when running on 64-bit systems could allow a privileged\nguest user to crash the hypervisor. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491,\nand Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes the following bugs :\n\n* On Broadcom PCI cards that use the tg3 driver, the operational state\nof a network device, represented by the value in\n'/sys/class/net/ethX/operstate', was not initialized by default.\nConsequently, the state was reported as 'unknown' when the tg3 network\ndevice was actually in the 'up' state. This update modifies the tg3\ndriver to properly set the operstate value. (BZ#744699)\n\n* A KVM (Kernel-based Virtual Machine) guest can get preempted by the\nhost, when a higher priority process needs to run. When a guest is not\nrunning for several timer interrupts in a row, ticks could be lost,\nresulting in the jiffies timer advancing slower than expected and\ntimeouts taking longer than expected. To correct for the issue of lost\nticks, do_timer_tsc_timekeeping() checks a reference clock source\n(kvm-clock when running as a KVM guest) to see if timer interrupts\nhave been missed. If so, jiffies is incremented by the number of\nmissed timer interrupts, ensuring that programs are woken up on time.\n(BZ#747874)\n\n* When a block device object was allocated, the bd_super field was not\nbeing explicitly initialized to NULL. Previously, users of the block\ndevice object could set bd_super to NULL when the object was released\nby calling the kill_block_super() function. Certain third-party file\nsystems do not always use this function, and bd_super could therefore\nbecome uninitialized when the object was allocated again. This could\ncause a kernel panic in the blkdev_releasepage() function, when the\nuninitialized bd_super field was dereferenced. Now, bd_super is\nproperly initialized in the bdget() function, and the kernel panic no\nlonger occurs. (BZ#751137)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2482.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2495.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2517.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2901.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-1813.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"kernel-doc-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.31.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.31.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:27:01", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - A NULL pointer dereference flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2011-2482, Important)\n\n - A flaw in the Linux kernel's client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Buffer overflow flaws in the Linux kernel's netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n - A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction.\n When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)\n\n - An off-by-one flaw was found in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems. A privileged guest user could trigger this flaw to cause the hypervisor to crash.\n (CVE-2011-2901, Moderate)\n\n - /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process.\n (CVE-2011-2495, Low)\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2901"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110906_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61132", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61132);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - A NULL pointer dereference flaw was found in the Linux\n kernel's Stream Control Transmission Protocol (SCTP)\n implementation. A remote attacker could send a specially\n crafted SCTP packet to a target system, resulting in a\n denial of service. (CVE-2011-2482, Important)\n\n - A flaw in the Linux kernel's client-side NFS Lock\n Manager (NLM) implementation could allow a local,\n unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Buffer overflow flaws in the Linux kernel's\n netlink-based wireless configuration interface\n implementation could allow a local user, who has the\n CAP_NET_ADMIN capability, to cause a denial of service\n or escalate their privileges on systems that have an\n active wireless interface. (CVE-2011-2517, Important)\n\n - A flaw was found in the way the Linux kernel's Xen\n hypervisor implementation emulated the SAHF instruction.\n When using a fully-virtualized guest on a host that does\n not use hardware assisted paging (HAP), such as those\n running CPUs that do not have support for (or those that\n have it disabled) Intel Extended Page Tables (EPT) or\n AMD Virtualization (AMD-V) Rapid Virtualization Indexing\n (RVI), a privileged guest user could trigger this flaw\n to cause the hypervisor to crash. (CVE-2011-2519,\n Moderate)\n\n - An off-by-one flaw was found in the __addr_ok() macro in\n the Linux kernel's Xen hypervisor implementation when\n running on 64-bit systems. A privileged guest user could\n trigger this flaw to cause the hypervisor to crash.\n (CVE-2011-2901, Moderate)\n\n - /proc/[PID]/io is world-readable by default. Previously,\n these files could be read without any further\n restrictions. A local, unprivileged user could read\n these files, belonging to other, possibly privileged\n processes to gather confidential information, such as\n the length of a password used in a process.\n (CVE-2011-2495, Low)\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&T=0&P=1692\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?99253446\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-debuginfo-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-debuginfo-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-common-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-debuginfo-2.6.18-274.3.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-274.3.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:50:24", "description": "From Red Hat Security Advisory 2011:1212 :\n\nUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2011-2482, Important)\n\n* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Buffer overflow flaws in the Linux kernel's netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)\n\n* An off-by-one flaw was found in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems.\nA privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2011-1212)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2901"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-1212.NASL", "href": "https://www.tenable.com/plugins/nessus/68334", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1212 and \n# Oracle Linux Security Advisory ELSA-2011-1212 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68334);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_bugtraq_id(48538, 49141, 49370, 49373, 49375, 49408);\n script_xref(name:\"RHSA\", value:\"2011:1212\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2011-1212)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1212 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the Linux kernel's\nStream Control Transmission Protocol (SCTP) implementation. A remote\nattacker could send a specially crafted SCTP packet to a target\nsystem, resulting in a denial of service. (CVE-2011-2482, Important)\n\n* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\nimplementation could allow a local, unprivileged user to cause a\ndenial of service. (CVE-2011-2491, Important)\n\n* Buffer overflow flaws in the Linux kernel's netlink-based wireless\nconfiguration interface implementation could allow a local user, who\nhas the CAP_NET_ADMIN capability, to cause a denial of service or\nescalate their privileges on systems that have an active wireless\ninterface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor\nimplementation emulated the SAHF instruction. When using a\nfully-virtualized guest on a host that does not use hardware assisted\npaging (HAP), such as those running CPUs that do not have support for\n(or those that have it disabled) Intel Extended Page Tables (EPT) or\nAMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a\nprivileged guest user could trigger this flaw to cause the hypervisor\nto crash. (CVE-2011-2519, Moderate)\n\n* An off-by-one flaw was found in the __addr_ok() macro in the Linux\nkernel's Xen hypervisor implementation when running on 64-bit systems.\nA privileged guest user could trigger this flaw to cause the\nhypervisor to crash. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491,\nand Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-September/002343.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-1212\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-274.3.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-274.3.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:38:10", "description": "Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1279-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2905", "CVE-2011-2909"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1279-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56947", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1279-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56947);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n script_bugtraq_id(49140, 49408, 49411, 50314);\n script_xref(name:\"USN\", value:\"1279-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1279-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file,\nan attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-2909).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1279-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1279-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-generic\", pkgver:\"2.6.38-13.52~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-generic-pae\", pkgver:\"2.6.38-13.52~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-server\", pkgver:\"2.6.38-13.52~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-virtual\", pkgver:\"2.6.38-13.52~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:25", "description": "Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-30T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : linux vulnerabilities (USN-1285-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2905", "CVE-2011-2909"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1285-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1285-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56978);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n script_bugtraq_id(48101, 48538, 49140, 49141, 49408, 49411, 50314);\n script_xref(name:\"USN\", value:\"1285-1\");\n\n script_name(english:\"Ubuntu 11.04 : linux vulnerabilities (USN-1285-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file,\nan attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-2909).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1285-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1285-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-generic\", pkgver:\"2.6.38-13.52\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-generic-pae\", pkgver:\"2.6.38-13.52\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-server\", pkgver:\"2.6.38-13.52\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-versatile\", pkgver:\"2.6.38-13.52\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-virtual\", pkgver:\"2.6.38-13.52\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:20:00", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.\n\n - CVE-2011-1576 Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service.\n\n - CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.\n\n - CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.\n\n - CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.\n\n - CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.\n\n - CVE-2011-2517 It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service.\n\n - CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.\n\n - CVE-2011-2700 Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges.\n\n - CVE-2011-2723 Brent Meshier reported an issue in the GRO (generic receive offload) implementation. This can be exploited by remote users to create a denial of service (system crash) in certain network device configurations.\n\n - CVE-2011-2905 Christian Ohm discovered that the 'perf' analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running 'perf' in a directory under the control of the attacker.\n\n - CVE-2011-2909 Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory.\n\n - CVE-2011-2918 Vince Weaver discovered that incorrect handling of software event overflows in the 'perf' analysis tool could lead to local denial of service.\n\n - CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.\n\n - CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.\n\n - CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-09-09T00:00:00", "type": "nessus", "title": "Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1020", "CVE-2011-1576", "CVE-2011-1768", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2303.NASL", "href": "https://www.tenable.com/plugins/nessus/56130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2303. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56130);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1576\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_bugtraq_id(46567, 47321, 48383, 48441, 48472, 48538, 48641, 48804, 48907, 48929, 49140, 49141, 49152, 49256, 49289, 49295, 49408, 49411);\n script_xref(name:\"DSA\", value:\"2303\");\n\n script_name(english:\"Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2011-1020\n Kees Cook discovered an issue in the /proc filesystem\n that allows local users to gain access to sensitive\n process information after execution of a setuid binary.\n\n - CVE-2011-1576\n Ryan Sweat discovered an issue in the VLAN\n implementation. Local users may be able to cause a\n kernel memory leak, resulting in a denial of service.\n\n - CVE-2011-2484\n Vasiliy Kulikov of Openwall discovered that the number\n of exit handlers that a process can register is not\n capped, resulting in local denial of service through\n resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491\n Vasily Averin discovered an issue with the NFS locking\n implementation. A malicious NFS server can cause a\n client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492\n Marek Kroemeke and Filip Palian discovered that\n uninitialized struct elements in the Bluetooth subsystem\n could lead to a leak of sensitive kernel memory through\n leaked stack memory.\n\n - CVE-2011-2495\n Vasiliy Kulikov of Openwall discovered that the io file\n of a process' proc directory was world-readable,\n resulting in local information disclosure of information\n such as password lengths.\n\n - CVE-2011-2496\n Robert Swiecki discovered that mremap() could be abused\n for local denial of service by triggering a BUG_ON\n assert.\n\n - CVE-2011-2497\n Dan Rosenberg discovered an integer underflow in the\n Bluetooth subsystem, which could lead to denial of\n service or privilege escalation.\n\n - CVE-2011-2517\n It was discovered that the netlink-based wireless\n configuration interface performed insufficient length\n validation when parsing SSIDs, resulting in buffer\n overflows. Local users with the CAP_NET_ADMIN capability\n can cause a denial of service.\n\n - CVE-2011-2525\n Ben Pfaff reported an issue in the network scheduling\n code. A local user could cause a denial of service (NULL\n pointer dereference) by sending a specially crafted\n netlink message.\n\n - CVE-2011-2700\n Mauro Carvalho Chehab of Red Hat reported a buffer\n overflow issue in the driver for the Si4713 FM Radio\n Transmitter driver used by N900 devices. Local users\n could exploit this issue to cause a denial of service or\n potentially gain elevated privileges.\n\n - CVE-2011-2723\n Brent Meshier reported an issue in the GRO (generic\n receive offload) implementation. This can be exploited\n by remote users to create a denial of service (system\n crash) in certain network device configurations.\n\n - CVE-2011-2905\n Christian Ohm discovered that the 'perf' analysis tool\n searches for its config files in the current working\n directory. This could lead to denial of service or\n potential privilege escalation if a user with elevated\n privileges is tricked into running 'perf' in a directory\n under the control of the attacker.\n\n - CVE-2011-2909\n Vasiliy Kulikov of Openwall discovered that a\n programming error in the Comedi driver could lead to the\n information disclosure through leaked stack memory.\n\n - CVE-2011-2918\n Vince Weaver discovered that incorrect handling of\n software event overflows in the 'perf' analysis tool\n could lead to local denial of service.\n\n - CVE-2011-2928\n Timo Warns discovered that insufficient validation of Be\n filesystem images could lead to local denial of service\n if a malformed filesystem image is mounted.\n\n - CVE-2011-3188\n Dan Kaminsky reported a weakness of the sequence number\n generation in the TCP protocol implementation. This can\n be used by remote attackers to inject packets into an\n active session.\n\n - CVE-2011-3191\n Darren Lavender reported an issue in the Common Internet\n File System (CIFS). A malicious file server could cause\n memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the\nprevious security fix for CVE-2011-1768 (Debian bug #633738).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2303\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-35squeeze2. Updates for issues impacting the oldstable\ndistribution (lenny) will be available soon.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+35squeeze2\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:49", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)", "cvss3": {}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "USN-1280-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-2496"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1280-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56948", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1280-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56948);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2496\");\n script_xref(name:\"USN\", value:\"1280-1\");\n\n script_name(english:\"USN-1280-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that CIFS incorrectly handled authentication. When\na user had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1280-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-903-omap4\", pkgver:\"2.6.35-903.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:34:08", "description": "Fixes some bugs that were caused by upstream stable kernel updates, including a longstanding bug causing oopses when removing USB storage devices and optical media.\n\nFixes stalls on machines with the latest Intel graphics hardware (Sandybridge.)\n\nAlso fixes some important security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-13T00:00:00", "type": "nessus", "title": "Fedora 15 : kernel-2.6.38.8-35.fc15 (2011-9130)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2497", "CVE-2011-2517"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9130.NASL", "href": "https://www.tenable.com/plugins/nessus/55583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9130.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55583);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2497\", \"CVE-2011-2517\");\n script_bugtraq_id(48472, 48538);\n script_xref(name:\"FEDORA\", value:\"2011-9130\");\n\n script_name(english:\"Fedora 15 : kernel-2.6.38.8-35.fc15 (2011-9130)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes some bugs that were caused by upstream stable kernel updates,\nincluding a longstanding bug causing oopses when removing USB storage\ndevices and optical media.\n\nFixes stalls on machines with the latest Intel graphics hardware\n(Sandybridge.)\n\nAlso fixes some important security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=710338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=716805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718152\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062611.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d0387cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"kernel-2.6.38.8-35.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:08", "description": "Updated kernel packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update includes backported fixes for two security issues. These issues only affected users of Red Hat Enterprise Linux 5.6 Extended Update Support, as they have already been addressed for users of Red Hat Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\nThis update also fixes the following bugs :\n\n* A bug was found in the way the x86_emulate() function handled the IMUL instruction in the Xen hypervisor. On systems without support for hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug could cause fully-virtualized guests to crash or lead to silent memory corruption. In reported cases, this issue occurred when booting fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups enabled. (BZ#712884)\n\n* A bug in the way the ibmvscsi driver handled interrupts may have prevented automatic path recovery for multipath devices. This bug only affected 64-bit PowerPC systems. (BZ#720929)\n\n* The RHSA-2009:1243 update introduced a regression in the way file locking on NFS (Network File System) was handled. This caused applications to hang if they made a lock request on a file on an NFS version 2 or 3 file system that was mounted with the 'sec=krb5' option. With this update, the original behavior of using mixed RPC authentication flavors for NFS and locking requests has been restored.\n(BZ#722854)\n\nUsers should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1163)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-1163.NASL", "href": "https://www.tenable.com/plugins/nessus/63996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1163. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63996);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\");\n script_bugtraq_id(48610, 48641);\n script_xref(name:\"RHSA\", value:\"2011:1163\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 5.6 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for two security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.6 Extended\nUpdate Support, as they have already been addressed for users of Red\nHat Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\nThis update also fixes the following bugs :\n\n* A bug was found in the way the x86_emulate() function handled the\nIMUL instruction in the Xen hypervisor. On systems without support for\nhardware assisted paging (HAP), such as those running CPUs that do not\nhave support for (or those that have it disabled) Intel Extended Page\nTables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization\nIndexing (RVI), this bug could cause fully-virtualized guests to crash\nor lead to silent memory corruption. In reported cases, this issue\noccurred when booting fully-virtualized Red Hat Enterprise Linux 6.1\nguests with memory cgroups enabled. (BZ#712884)\n\n* A bug in the way the ibmvscsi driver handled interrupts may have\nprevented automatic path recovery for multipath devices. This bug only\naffected 64-bit PowerPC systems. (BZ#720929)\n\n* The RHSA-2009:1243 update introduced a regression in the way file\nlocking on NFS (Network File System) was handled. This caused\napplications to hang if they made a lock request on a file on an NFS\nversion 2 or 3 file system that was mounted with the 'sec=krb5'\noption. With this update, the original behavior of using mixed RPC\nauthentication flavors for NFS and locking requests has been restored.\n(BZ#722854)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2011-1065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2009-1243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-1163.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"kernel-doc-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.21.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:03", "description": "Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about the most significant bug fixes and enhancements included in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ 5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-07-22T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1065)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1065.NASL", "href": "https://www.tenable.com/plugins/nessus/55645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1065. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55645);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_bugtraq_id(48610, 48641, 48677);\n script_xref(name:\"RHSA\", value:\"2011:1065\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1065)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, address\nseveral hundred bugs, and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux\nkernel's Global File System 2 (GFS2) implementation. If the file\nsystem was almost full, and a local, unprivileged user made an\nfallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space\nwould prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes\nfor information about the most significant bug fixes and enhancements\nincluded in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2689\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1065\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1065\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1065\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:57", "description": "Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about the most significant bug fixes and enhancements included in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ 5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2011:1065)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1065.NASL", "href": "https://www.tenable.com/plugins/nessus/56265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1065 and \n# CentOS Errata and Security Advisory 2011:1065 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56265);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_bugtraq_id(48610, 48641, 48677);\n script_xref(name:\"RHSA\", value:\"2011:1065\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:1065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, address\nseveral hundred bugs, and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux\nkernel's Global File System 2 (GFS2) implementation. If the file\nsystem was almost full, and a local, unprivileged user made an\nfallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space\nwould prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes\nfor information about the most significant bug fixes and enhancements\nincluded in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45fb7621\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce55b577\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000066.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0ccef8a\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80df715a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:48", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device.\n\n - CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device.\n\n - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.\n\n - CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the alpha architecture. Local users could obtain access to sensitive kernel memory.\n\n - CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4() system call on the alpha architecture permitting local users to gain elevated privileges.\n\n - CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop.\n\n - CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.\n\n - CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.\n\n - CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.\n\n - CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.\n\n - CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.\n\n - CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.\n\n - CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.\n\n - CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-09-26T00:00:00", "type": "nessus", "title": "Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4067", "CVE-2011-0712", "CVE-2011-1020", "CVE-2011-1768", "CVE-2011-2209", "CVE-2011-2211", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2525", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2310.NASL", "href": "https://www.tenable.com/plugins/nessus/56285", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2310. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56285);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-0712\", \"CVE-2011-1020\", \"CVE-2011-2209\", \"CVE-2011-2211\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2525\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_bugtraq_id(46419, 46567, 47321, 48254, 48333, 48383, 48441, 48472, 48641, 48687, 49141, 49256, 49289, 49295, 49408);\n script_xref(name:\"DSA\", value:\"2310\");\n\n script_name(english:\"Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2009-4067\n Rafael Dominguez Vega of MWR InfoSecurity reported an\n issue in the auerswald module, a driver for Auerswald\n PBX/System Telephone USB devices. Attackers with\n physical access to a system's USB ports could obtain\n elevated privileges using a specially crafted USB\n device.\n\n - CVE-2011-0712\n Rafael Dominguez Vega of MWR InfoSecurity reported an\n issue in the caiaq module, a USB driver for Native\n Instruments USB audio devices. Attackers with physical\n access to a system's USB ports could obtain elevated\n privileges using a specially crafted USB device.\n\n - CVE-2011-1020\n Kees Cook discovered an issue in the /proc filesystem\n that allows local users to gain access to sensitive\n process information after execution of a setuid binary.\n\n - CVE-2011-2209\n Dan Rosenberg discovered an issue in the osf_sysinfo()\n system call on the alpha architecture. Local users could\n obtain access to sensitive kernel memory.\n\n - CVE-2011-2211\n Dan Rosenberg discovered an issue in the osf_wait4()\n system call on the alpha architecture permitting local\n users to gain elevated privileges.\n\n - CVE-2011-2213\n Dan Rosenberg discovered an issue in the INET socket\n monitoring interface. Local users could cause a denial\n of service by injecting code and causing the kernel to\n execute an infinite loop.\n\n - CVE-2011-2484\n Vasiliy Kulikov of Openwall discovered that the number\n of exit handlers that a process can register is not\n capped, resulting in local denial of service through\n resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491\n Vasily Averin discovered an issue with the NFS locking\n implementation. A malicious NFS server can cause a\n client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492\n Marek Kroemeke and Filip Palian discovered that\n uninitialized struct elements in the Bluetooth subsystem\n could lead to a leak of sensitive kernel memory through\n leaked stack memory.\n\n - CVE-2011-2495\n Vasiliy Kulikov of Openwall discovered that the io file\n of a process' proc directory was world-readable,\n resulting in local information disclosure of information\n such as password lengths.\n\n - CVE-2011-2496\n Robert Swiecki discovered that mremap() could be abused\n for local denial of service by triggering a BUG_ON\n assert.\n\n - CVE-2011-2497\n Dan Rosenberg discovered an integer underflow in the\n Bluetooth subsystem, which could lead to denial of\n service or privilege escalation.\n\n - CVE-2011-2525\n Ben Pfaff reported an issue in the network scheduling\n code. A local user could cause a denial of service (NULL\n pointer dereference) by sending a specially crafted\n netlink message.\n\n - CVE-2011-2928\n Timo Warns discovered that insufficient validation of Be\n filesystem images could lead to local denial of service\n if a malformed filesystem image is mounted.\n\n - CVE-2011-3188\n Dan Kaminsky reported a weakness of the sequence number\n generation in the TCP protocol implementation. This can\n be used by remote attackers to inject packets into an\n active session.\n\n - CVE-2011-3191\n Darren Lavender reported an issue in the Common Internet\n File System (CIFS). A malicious file server could cause\n memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the\nprevious security fix for CVE-2011-1768 (Debian bug #633738).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2310\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages. These updates will\nnot become active until after the system is rebooted.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny4. Updates for arm and alpha are not yet\navailable, but will be released as soon as possible. Updates for the\nhppa and ia64 architectures will be included in the upcoming 5.0.9\npoint release.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 5.0 (lenny) \n user-mode-linux 2.6.26-1um-2+26lenny4 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"linux-base\", reference:\"2.6.26-26lenny4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:38", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2025 advisory.\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. (CVE-2011-2517)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2025)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el6uekdebug"], "id": "ORACLELINUX_ELSA-2011-2025.NASL", "href": "https://www.tenable.com/plugins/nessus/68421", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2025.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68421);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1576\",\n \"CVE-2011-1898\",\n \"CVE-2011-2183\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2497\",\n \"CVE-2011-2517\",\n \"CVE-2011-2695\"\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2025)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2011-2025 advisory.\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5\n and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor\n and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are\n processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a\n different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not\n have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI\n interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3,\n when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL\n pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel\n before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data\n structures, which allows local users to obtain potentially sensitive information from kernel memory via a\n crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in\n net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io\n files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by\n discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel\n before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have\n unspecified other impact via a small command-size value within the command header of a Logical Link\n Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users\n to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID\n value. (CVE-2011-2517)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to\n cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a\n write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-2025.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2497\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-200.19.1.el5uek', '2.6.32-200.19.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-2025');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-200.19.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-200.19.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-200.19.1.el5uek-1.5.1-4.0.28', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el5uek-1.5.1-4.0.28', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el5uekdebug-1.5.1-4.0.28', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el5uekdebug-1.5.1-4.0.28', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-200.19.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-200.19.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-200.19.1.el6uek-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el6uek-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:32", "description": "Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "USN-1244-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3873", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2695", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-3363"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1244-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56643", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1244-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56643);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2010-3873\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2695\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-3363\");\n script_xref(name:\"USN\", value:\"1244-1\");\n\n script_name(english:\"USN-1244-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Dan Rosenberg discovered that the Linux kernel X.25 implementation\nincorrectly parsed facilities. A remote attacker could exploit this\nto crash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nAndrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nChristian Ohm discovered that the perf command looks for\nconfiguration files in the current directory. If a privileged user\nwere tricked into running perf in a directory containing a malicious\nconfiguration file, an attacker could run arbitrary commands and\npossibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1244-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-903-omap4\", pkgver:\"2.6.35-903.26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:27:41", "description": "It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "USN-1241-1 : linux-fsl-imx51 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2695", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3363"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56640", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1241-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56640);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_xref(name:\"USN\", value:\"1241-1\");\n\n script_name(english:\"USN-1241-1 : linux-fsl-imx51 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the Stream Control Transmission Protocol\n(SCTP) implementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain\nVLAN packets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for\nconfiguration files in the current directory. If a privileged user\nwere tricked into running perf in a directory containing a malicious\nconfiguration file, an attacker could run arbitrary commands and\npossibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.31-611-imx51\", pkgver:\"2.6.31-611.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:23", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)", "cvss3": {}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "USN-1271-1 : linux-fsl-imx51 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-2491"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1271-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56913", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1271-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56913);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\");\n script_xref(name:\"USN\", value:\"1271-1\");\n\n script_name(english:\"USN-1271-1 : linux-fsl-imx51 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that CIFS incorrectly handled authentication. When\na user had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the\nip_gre module was loading, and crash the system, leading to a denial\nof service. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ipip\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1271-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.31-612-imx51\", pkgver:\"2.6.31-612.30\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-19T14:23:02", "description": "This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs.\n\nThe following security issues have been fixed :\n\n - A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. (CVE-2011-3191)\n\n - Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. (CVE-2011-1776)\n\n - The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly handle packets for a CLOSED endpoint, which allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The do_task_stat function in fs/proc/array.c in the Linux kernel did not perform an expected uid check, which made it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585)\n\nAlso following non-security bugs were fixed :\n\n - patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldme m-to-check-for-non-ram-pages.patch: fs/proc/vmcore.c:\n add hook to read_from_oldmem() to check for non-ram pages. (bnc#684297)\n\n - patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix memory leak on release.\n\n - patches.xen/1074-xenbus_conn-type.patch: xenbus: fix type inconsistency with xenbus_conn().\n\n - patches.xen/1080-blkfront-xenbus-gather-format.patch:\n blkfront: fix data size for xenbus_gather in connect().\n\n - patches.xen/1081-blkback-resize-transaction-end.patch:\n xenbus: fix xenbus_transaction_start() hang caused by double xenbus_transaction_end().\n\n - patches.xen/1089-blkback-barrier-check.patch: blkback:\n dont fail empty barrier requests.\n\n - patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus: dont BUG() on user mode induced conditions. (bnc#696107)\n\n - patches.xen/1098-blkfront-cdrom-ioctl-check.patch:\n blkfront: avoid NULL de-reference in CDROM ioctl handling. (bnc#701355)\n\n - patches.xen/1102-x86-max-contig-order.patch: x86: use dynamically adjusted upper bound for contiguous regions.\n (bnc#635880)\n\n - patches.xen/xen3-x86-sanitize-user-specified-e820-memmap\n -values.patch: x86: sanitize user specified e820 memmap values. (bnc#665543)\n\n - patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress: Fix typo, which was uncovered in debug mode.\n\n - patches.fixes/pacct-fix-sighand-siglock-usage.patch: Fix sighand->siglock usage in kernel/acct.c. (bnc#705463)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-10-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7734)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1017", "CVE-2011-1093", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-2022", "CVE-2011-2182", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-3191"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7734.NASL", "href": "https://www.tenable.com/plugins/nessus/56607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56607);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1017\", \"CVE-2011-1093\", \"CVE-2011-1585\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-2182\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-3191\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7734)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues have been fixed :\n\n - A signedness issue in CIFS could possibly have lead to\n to memory corruption, if a malicious server could send\n crafted replies to the host. (CVE-2011-3191)\n\n - Timo Warns reported an issue in the Linux implementation\n for GUID partitions. Users with physical access could\n gain access to sensitive kernel memory by adding a\n storage device with a specially crafted corrupted\n invalid partition table. (CVE-2011-1776)\n\n - The dccp_rcv_state_process function in net/dccp/input.c\n in the Datagram Congestion Control Protocol (DCCP)\n implementation in the Linux kernel did not properly\n handle packets for a CLOSED endpoint, which allowed\n remote attackers to cause a denial of service (NULL\n pointer dereference and OOPS) by sending a DCCP-Close\n packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - Integer overflow in the agp_generic_insert_memory\n function in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1)\n agp_allocate_memory and (2) agp_create_user_memory\n functions in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to trigger buffer overflows,\n and consequently cause a denial of service (system\n crash) or possibly have unspecified other impact, via\n vectors related to calls that specify a large number of\n memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in\n drivers/char/agp/generic.c in the Linux kernel before\n 2.6.38.5 did not validate a certain start parameter,\n which allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_UNBIND agp_ioctl ioctl call, a different\n vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The do_task_stat function in fs/proc/array.c in the\n Linux kernel did not perform an expected uid check,\n which made it easier for local users to defeat the ASLR\n protection mechanism by reading the start_code and\n end_code fields in the /proc/#####/stat file for a\n process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where\n the pgoff inside the mapping could wrap around due to\n overflow. However, an expanding mremap() can take such a\n non-wrapping mapping and make it bigger and cause a\n wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS\n filesystem could use file locking to deadlock parts of\n an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in\n fs/partitions/ldm.c) contained bugs that could crash the\n kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - When using a setuid root mount.cifs, local users could\n hijack password protected mounted CIFS shares of other\n local users. (CVE-2011-1585)\n\nAlso following non-security bugs were fixed :\n\n -\n patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldme\n m-to-check-for-non-ram-pages.patch: fs/proc/vmcore.c:\n add hook to read_from_oldmem() to check for non-ram\n pages. (bnc#684297)\n\n - patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix\n memory leak on release.\n\n - patches.xen/1074-xenbus_conn-type.patch: xenbus: fix\n type inconsistency with xenbus_conn().\n\n - patches.xen/1080-blkfront-xenbus-gather-format.patch:\n blkfront: fix data size for xenbus_gather in connect().\n\n - patches.xen/1081-blkback-resize-transaction-end.patch:\n xenbus: fix xenbus_transaction_start() hang caused by\n double xenbus_transaction_end().\n\n - patches.xen/1089-blkback-barrier-check.patch: blkback:\n dont fail empty barrier requests.\n\n - patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus: dont\n BUG() on user mode induced conditions. (bnc#696107)\n\n - patches.xen/1098-blkfront-cdrom-ioctl-check.patch:\n blkfront: avoid NULL de-reference in CDROM ioctl\n handling. (bnc#701355)\n\n - patches.xen/1102-x86-max-contig-order.patch: x86: use\n dynamically adjusted upper bound for contiguous regions.\n (bnc#635880)\n\n -\n patches.xen/xen3-x86-sanitize-user-specified-e820-memmap\n -values.patch: x86: sanitize user specified e820 memmap\n values. (bnc#665543)\n\n -\n patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress: Fix typo, which was uncovered in debug\n mode.\n\n - patches.fixes/pacct-fix-sighand-siglock-usage.patch: Fix\n sighand->siglock usage in kernel/acct.c. (bnc#705463)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0726.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1585.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1745.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1746.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2496.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3191.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7734.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.83.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T14:59:50", "description": "This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs.\n\nThe following security issues have been fixed :\n\n - A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. (CVE-2011-3191)\n\n - Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. (CVE-2011-1776)\n\n - The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly handle packets for a CLOSED endpoint, which allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The do_task_stat function in fs/proc/array.c in the Linux kernel did not perform an expected uid check, which made it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585)\n\nAlso following non-security bugs were fixed :\n\n - patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldme m-to-check-for-non-ram-pages.patch: fs/proc/vmcore.c:\n add hook to read_from_oldmem() to check for non-ram pages. (bnc#684297)\n\n - patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix memory leak on release.\n\n - patches.xen/1074-xenbus_conn-type.patch: xenbus: fix type inconsistency with xenbus_conn().\n\n - patches.xen/1080-blkfront-xenbus-gather-format.patch:\n blkfront: fix data size for xenbus_gather in connect().\n\n - patches.xen/1081-blkback-resize-transaction-end.patch:\n xenbus: fix xenbus_transaction_start() hang caused by double xenbus_transaction_end().\n\n - patches.xen/1089-blkback-barrier-check.patch: blkback:\n dont fail empty barrier requests.\n\n - patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus: dont BUG() on user mode induced conditions. (bnc#696107)\n\n - patches.xen/1098-blkfront-cdrom-ioctl-check.patch:\n blkfront: avoid NULL de-reference in CDROM ioctl handling. (bnc#701355)\n\n - patches.xen/1102-x86-max-contig-order.patch: x86: use dynamically adjusted upper bound for contiguous regions.\n (bnc#635880)\n\n - patches.xen/xen3-x86-sanitize-user-specified-e820-memmap\n -values.patch: x86: sanitize user specified e820 memmap values. (bnc#665543)\n\n - patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress: Fix typo, which was uncovered in debug mode.\n\n - patches.fixes/pacct-fix-sighand-siglock-usage.patch: Fix sighand->siglock usage in kernel/acct.c. (bnc#705463)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7729)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1017", "CVE-2011-1093", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-2022", "CVE-2011-2182", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-3191"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7729.NASL", "href": "https://www.tenable.com/plugins/nessus/59159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59159);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1017\", \"CVE-2011-1093\", \"CVE-2011-1585\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-2182\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-3191\");\n\n script_name(english:\"SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7729)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues have been fixed :\n\n - A signedness issue in CIFS could possibly have lead to\n to memory corruption, if a malicious server could send\n crafted replies to the host. (CVE-2011-3191)\n\n - Timo Warns reported an issue in the Linux implementation\n for GUID partitions. Users with physical access could\n gain access to sensitive kernel memory by adding a\n storage device with a specially crafted corrupted\n invalid partition table. (CVE-2011-1776)\n\n - The dccp_rcv_state_process function in net/dccp/input.c\n in the Datagram Congestion Control Protocol (DCCP)\n implementation in the Linux kernel did not properly\n handle packets for a CLOSED endpoint, which allowed\n remote attackers to cause a denial of service (NULL\n pointer dereference and OOPS) by sending a DCCP-Close\n packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - Integer overflow in the agp_generic_insert_memory\n function in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1)\n agp_allocate_memory and (2) agp_create_user_memory\n functions in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to trigger buffer overflows,\n and consequently cause a denial of service (system\n crash) or possibly have unspecified other impact, via\n vectors related to calls that specify a large number of\n memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in\n drivers/char/agp/generic.c in the Linux kernel before\n 2.6.38.5 did not validate a certain start parameter,\n which allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_UNBIND agp_ioctl ioctl call, a different\n vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The do_task_stat function in fs/proc/array.c in the\n Linux kernel did not perform an expected uid check,\n which made it easier for local users to defeat the ASLR\n protection mechanism by reading the start_code and\n end_code fields in the /proc/#####/stat file for a\n process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where\n the pgoff inside the mapping could wrap around due to\n overflow. However, an expanding mremap() can take such a\n non-wrapping mapping and make it bigger and cause a\n wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS\n filesystem could use file locking to deadlock parts of\n an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in\n fs/partitions/ldm.c) contained bugs that could crash the\n kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - When using a setuid root mount.cifs, local users could\n hijack password protected mounted CIFS shares of other\n local users. (CVE-2011-1585)\n\nAlso following non-security bugs were fixed :\n\n -\n patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldme\n m-to-check-for-non-ram-pages.patch: fs/proc/vmcore.c:\n add hook to read_from_oldmem() to check for non-ram\n pages. (bnc#684297)\n\n - patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix\n memory leak on release.\n\n - patches.xen/1074-xenbus_conn-type.patch: xenbus: fix\n type inconsistency with xenbus_conn().\n\n - patches.xen/1080-blkfront-xenbus-gather-format.patch:\n blkfront: fix data size for xenbus_gather in connect().\n\n - patches.xen/1081-blkback-resize-transaction-end.patch:\n xenbus: fix xenbus_transaction_start() hang caused by\n double xenbus_transaction_end().\n\n - patches.xen/1089-blkback-barrier-check.patch: blkback:\n dont fail empty barrier requests.\n\n - patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus: dont\n BUG() on user mode induced conditions. (bnc#696107)\n\n - patches.xen/1098-blkfront-cdrom-ioctl-check.patch:\n blkfront: avoid NULL de-reference in CDROM ioctl\n handling. (bnc#701355)\n\n - patches.xen/1102-x86-max-contig-order.patch: x86: use\n dynamically adjusted upper bound for contiguous regions.\n (bnc#635880)\n\n -\n patches.xen/xen3-x86-sanitize-user-specified-e820-memmap\n -values.patch: x86: sanitize user specified e820 memmap\n values. (bnc#665543)\n\n -\n patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress: Fix typo, which was uncovered in debug\n mode.\n\n - patches.fixes/pacct-fix-sighand-siglock-usage.patch: Fix\n sighand->siglock usage in kernel/acct.c. (bnc#705463)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0726.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1585.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1745.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1746.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2496.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3191.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7729.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.83.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:58", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2029 advisory.\n\n - Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. (CVE-2011-1833)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. (CVE-2011-2484)\n\n - Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping. (CVE-2011-2496)\n\n - The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. (CVE-2011-2723)\n\n - net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. (CVE-2011-2898)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2029)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.7, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2723", "CVE-2011-2898"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el6uekdebug"], "id": "ORACLELINUX_ELSA-2011-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/68422", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2029.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68422);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1833\",\n \"CVE-2011-2484\",\n \"CVE-2011-2496\",\n \"CVE-2011-2723\",\n \"CVE-2011-2898\"\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2029)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2011-2029 advisory.\n\n - Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux\n kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private\n mount with a mismatched uid. (CVE-2011-1833)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not\n prevent multiple registrations of exit handlers, which allows local users to cause a denial of service\n (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. (CVE-2011-2484)\n\n - Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows\n local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that\n expands a memory mapping. (CVE-2011-2496)\n\n - The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when\n Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows\n remote attackers to cause a denial of service (system crash) via crafted network traffic. (CVE-2011-2723)\n\n - net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to\n certain packet data structures associated with VLAN Tag Control Information, which allows local users to\n obtain potentially sensitive information via a crafted application. (CVE-2011-2898)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-2029.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1833\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-200.20.1.el5uek', '2.6.32-200.20.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-2029');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-200.20.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-200.20.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-200.20.1.el5uek-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el5uek-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-200.20.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-200.20.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-200.20.1.el6uek-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el6uek-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 5.7, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-16T14:14:18", "description": "This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes several security issues and bugs.\n\nThe following security issues were fixed :\n\n - The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly handle packets for a CLOSED endpoint, which allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.\n (CVE-2011-2484)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585)\n\n - The do_task_stat function in fs/proc/array.c in the Linux kernel did not perform an expected uid check, which made it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.\n (CVE-2011-1593)\n\n - Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have allowed local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. (CVE-2011-1494)\n\n - drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel did not validate (1) length and (2) offset values before performing memory copy operations, which might have allowed local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and\n _ctl_diag_read_buffer functions. (CVE-2011-1495)", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7665)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1017", "CVE-2011-1093", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-2022", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2496"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7665.NASL", "href": "https://www.tenable.com/plugins/nessus/59158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59158);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1017\", \"CVE-2011-1093\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1585\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-2022\", \"CVE-2011-2182\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2496\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7665)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues were fixed :\n\n - The dccp_rcv_state_process function in net/dccp/input.c\n in the Datagram Congestion Control Protocol (DCCP)\n implementation in the Linux kernel did not properly\n handle packets for a CLOSED endpoint, which allowed\n remote attackers to cause a denial of service (NULL\n pointer dereference and OOPS) by sending a DCCP-Close\n packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - The add_del_listener function in kernel/taskstats.c in\n the Linux kernel did not prevent multiple registrations\n of exit handlers, which allowed local users to cause a\n denial of service (memory and CPU consumption), and\n bypass the OOM Killer, via a crafted application.\n (CVE-2011-2484)\n\n - Integer overflow in the agp_generic_insert_memory\n function in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1)\n agp_allocate_memory and (2) agp_create_user_memory\n functions in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to trigger buffer overflows,\n and consequently cause a denial of service (system\n crash) or possibly have unspecified other impact, via\n vectors related to calls that specify a large number of\n memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in\n drivers/char/agp/generic.c in the Linux kernel before\n 2.6.38.5 did not validate a certain start parameter,\n which allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_UNBIND agp_ioctl ioctl call, a different\n vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - When using a setuid root mount.cifs, local users could\n hijack password protected mounted CIFS shares of other\n local users. (CVE-2011-1585)\n\n - The do_task_stat function in fs/proc/array.c in the\n Linux kernel did not perform an expected uid check,\n which made it easier for local users to defeat the ASLR\n protection mechanism by reading the start_code and\n end_code fields in the /proc/#####/stat file for a\n process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where\n the pgoff inside the mapping could wrap around due to\n overflow. However, an expanding mremap() can take such a\n non-wrapping mapping and make it bigger and cause a\n wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS\n filesystem could use file locking to deadlock parts of\n an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in\n fs/partitions/ldm.c) contained bugs that could crash the\n kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - Multiple integer overflows in the next_pidmap function\n in kernel/pid.c in the Linux kernel allowed local users\n to cause a denial of service (system crash) via a\n crafted (1) getdents or (2) readdir system call.\n (CVE-2011-1593)\n\n - Integer overflow in the _ctl_do_mpt_command function in\n drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel\n might have allowed local users to gain privileges or\n cause a denial of service (memory corruption) via an\n ioctl call specifying a crafted value that triggers a\n heap-based buffer overflow. (CVE-2011-1494)\n\n - drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel\n did not validate (1) length and (2) offset values before\n performing memory copy operations, which might have\n allowed local users to gain privileges, cause a denial\n of service (memory corruption), or obtain sensitive\n information from kernel memory via a crafted ioctl call,\n related to the _ctl_do_mpt_command and\n _ctl_diag_read_buffer functions. (CVE-2011-1495)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0726.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1495.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1585.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1593.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1745.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1746.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2484.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2496.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7665.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.89.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-16T14:39:14", "description": "This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes several security issues and bugs.\n\nThe following security issues were fixed :\n\n - The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly handle packets for a CLOSED endpoint, which allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.\n (CVE-2011-2484)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585)\n\n - The do_task_stat function in fs/proc/array.c in the Linux kernel did not perform an expected uid check, which made it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.\n (CVE-2011-1593)\n\n - Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have allowed local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. (CVE-2011-1494)\n\n - drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel did not validate (1) length and (2) offset values before performing memory copy operations, which might have allowed local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and\n _ctl_diag_read_buffer functions. (CVE-2011-1495)", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7666)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1017", "CVE-2011-1093", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-2022", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2496"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7666.NASL", "href": "https://www.tenable.com/plugins/nessus/57213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57213);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1017\", \"CVE-2011-1093\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1585\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-2022\", \"CVE-2011-2182\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2496\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7666)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues were fixed :\n\n - The dccp_rcv_state_process function in net/dccp/input.c\n in the Datagram Congestion Control Protocol (DCCP)\n implementation in the Linux kernel did not properly\n handle packets for a CLOSED endpoint, which allowed\n remote attackers to cause a denial of service (NULL\n pointer dereference and OOPS) by sending a DCCP-Close\n packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - The add_del_listener function in kernel/taskstats.c in\n the Linux kernel did not prevent multiple registrations\n of exit handlers, which allowed local users to cause a\n denial of service (memory and CPU consumption), and\n bypass the OOM Killer, via a crafted application.\n (CVE-2011-2484)\n\n - Integer overflow in the agp_generic_insert_memory\n function in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1)\n agp_allocate_memory and (2) agp_create_user_memory\n functions in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to trigger buffer overflows,\n and consequently cause a denial of service (system\n crash) or possibly have unspecified other impact, via\n vectors related to calls that specify a large number of\n memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in\n drivers/char/agp/generic.c in the Linux kernel before\n 2.6.38.5 did not validate a certain start parameter,\n which allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_UNBIND agp_ioctl ioctl call, a different\n vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - When using a setuid root mount.cifs, local users could\n hijack password protected mounted CIFS shares of other\n local users. (CVE-2011-1585)\n\n - The do_task_stat function in fs/proc/array.c in the\n Linux kernel did not perform an expected uid check,\n which made it easier for local users to defeat the ASLR\n protection mechanism by reading the start_code and\n end_code fields in the /proc/#####/stat file for a\n process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where\n the pgoff inside the mapping could wrap around due to\n overflow. However, an expanding mremap() can take such a\n non-wrapping mapping and make it bigger and cause a\n wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS\n filesystem could use file locking to deadlock parts of\n an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in\n fs/partitions/ldm.c) contained bugs that could crash the\n kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - Multiple integer overflows in the next_pidmap function\n in kernel/pid.c in the Linux kernel allowed local users\n to cause a denial of service (system crash) via a\n crafted (1) getdents or (2) readdir system call.\n (CVE-2011-1593)\n\n - Integer overflow in the _ctl_do_mpt_command function in\n drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel\n might have allowed local users to gain privileges or\n cause a denial of service (memory corruption) via an\n ioctl call specifying a crafted value that triggers a\n heap-based buffer overflow. (CVE-2011-1494)\n\n - drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel\n did not validate (1) length and (2) offset values before\n performing memory copy operations, which might have\n allowed local users to gain privileges, cause a denial\n of service (memory corruption), or obtain sensitive\n information from kernel memory via a crafted ioctl call,\n related to the _ctl_do_mpt_command and\n _ctl_diag_read_buffer functions. (CVE-2011-1495)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0726.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1495.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1585.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1593.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1745.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1746.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2484.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2496.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7666.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.89.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.89.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:33:29", "description": "The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar.\n\nCVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.\n\nCVE-2011-2022: The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.\n\nCVE-2011-1745: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.\n\nCVE-2011-2493: A denial of service on mounting invalid ext4 filesystems was fixed.\n\nCVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance.\n\nCVE-2011-2498: Also account PTE pages when calculating OOM scoring, which could have lead to a denial of service.\n\nCVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow.\nHowever, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition.\n\nCVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n\nCVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system.\n\nCVE-2011-1927: A missing route validation issue in ip_expire() could be used by remote attackers to trigger a NULL ptr dereference, crashing parts of the kernel.\n\nCVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.\n\nCVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2011:0860-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1479", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1927", "CVE-2011-2022", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2493", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2498"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi-debugsource", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:preload-kmp-desktop", "p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_KERNEL-110726.NASL", "href": "https://www.tenable.com/plugins/nessus/75880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-4932.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75880);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1479\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1927\", \"CVE-2011-2022\", \"CVE-2011-2182\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2493\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2498\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2011:0860-1)\");\n script_summary(english:\"Check for the kernel-4932 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs\nand security issues.\n\nFollowing security issues have been fixed: CVE-2011-2495: The\n/proc/PID/io interface could be used by local attackers to gain\ninformation on other processes like number of password characters\ntyped or similar.\n\nCVE-2011-2484: The add_del_listener function in kernel/taskstats.c in\nthe Linux kernel did not prevent multiple registrations of exit\nhandlers, which allowed local users to cause a denial of service\n(memory and CPU consumption), and bypass the OOM Killer, via a crafted\napplication.\n\nCVE-2011-2022: The agp_generic_remove_memory function in\ndrivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not\nvalidate a certain start parameter, which allowed local users to gain\nprivileges or cause a denial of service (system crash) via a crafted\nAGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than\nCVE-2011-1745.\n\nCVE-2011-1745: Integer overflow in the agp_generic_insert_memory\nfunction in drivers/char/agp/generic.c in the Linux kernel allowed\nlocal users to gain privileges or cause a denial of service (system\ncrash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.\n\nCVE-2011-2493: A denial of service on mounting invalid ext4\nfilesystems was fixed.\n\nCVE-2011-2491: A local unprivileged user able to access a NFS\nfilesystem could use file locking to deadlock parts of an nfs server\nunder some circumstance.\n\nCVE-2011-2498: Also account PTE pages when calculating OOM scoring,\nwhich could have lead to a denial of service.\n\nCVE-2011-2496: The normal mmap paths all avoid creating a mapping\nwhere the pgoff inside the mapping could wrap around due to overflow.\nHowever, an expanding mremap() can take such a non-wrapping mapping\nand make it bigger and cause a wrapping condition.\n\nCVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions\n(in fs/partitions/ldm.c) contained bugs that could crash the kernel\nfor certain corrupted LDM partitions.\n\nCVE-2011-1479: A regression in inotify fix for a memory leak could\nlead to a double free corruption which could crash the system.\n\nCVE-2011-1927: A missing route validation issue in ip_expire() could\nbe used by remote attackers to trigger a NULL ptr dereference,\ncrashing parts of the kernel.\n\nCVE-2011-1593: Multiple integer overflows in the next_pidmap function\nin kernel/pid.c in the Linux kernel allowed local users to cause a\ndenial of service (system crash) via a crafted (1) getdents or (2)\nreaddir system call.\n\nCVE-2011-1020: The proc filesystem implementation in the Linux kernel\ndid not restrict access to the /proc directory tree of a process after\nthis process performs an exec of a setuid program, which allowed local\nusers to obtain sensitive information or cause a denial of service via\nopen, lseek, read, and write system calls.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=584493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=595586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=661979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=666423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=672008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=694498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-extra-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-extra-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-source-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-source-vanilla-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-syms-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-base-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-base-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-debugsource-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-devel-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-devel-debuginfo-2.6.37.6-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-default-1.2_k2.6.37.6_0.7-6.7.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-default-debuginfo-1.2_k2.6.37.6_0.7-6.7.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-desktop-1.2_k2.6.37.6_0.7-6.7.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-desktop-debuginfo-1.2_k2.6.37.6_0.7-6.7.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:51", "description": "Security issues :\n\n - Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. (CVE-2011-1898, Important)\n\n - Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially crafted request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n - Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n - Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n - Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n - Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n - Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2213, Moderate)\n\n - Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\n - Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n - Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\n - /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process.\n (CVE-2011-2495, Low)", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110823_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61118);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues :\n\n - Using PCI passthrough without interrupt remapping\n support allowed KVM guests to generate MSI interrupts\n and thus potentially inject traps. A privileged guest\n user could use this flaw to crash the host or possibly\n escalate their privileges on the host. The fix for this\n issue can prevent PCI passthrough working and guests\n starting. (CVE-2011-1898, Important)\n\n - Flaw in the client-side NLM implementation could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Integer underflow in the Bluetooth implementation could\n allow a remote attacker to cause a denial of service or\n escalate their privileges by sending a specially crafted\n request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n - Buffer overflows in the netlink-based wireless\n configuration interface implementation could allow a\n local user, who has the CAP_NET_ADMIN capability, to\n cause a denial of service or escalate their privileges\n on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n - Flaw in the way the maximum file offset was handled for\n ext4 file systems could allow a local, unprivileged user\n to cause a denial of service. (CVE-2011-2695, Important)\n\n - Flaw allowed napi_reuse_skb() to be called on VLAN\n packets. An attacker on the local network could use this\n flaw to send crafted packets to a target, possibly\n causing a denial of service. (CVE-2011-1576, Moderate)\n\n - Integer signedness error in next_pidmap() could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - Race condition in the memory merging support (KSM) could\n allow a local, unprivileged user to cause a denial of\n service. KSM is off by default, but on systems running\n VDSM, or on KVM hosts, it is likely turned on by the\n ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n - Flaw in inet_diag_bc_audit() could allow a local,\n unprivileged user to cause a denial of service.\n (CVE-2011-2213, Moderate)\n\n - Flaw in the way space was allocated in the Global File\n System 2 (GFS2) implementation. If the file system was\n almost full, and a local, unprivileged user made an\n fallocate() request, it could result in a denial of\n service. Setting quotas to prevent users from using all\n available disk space would prevent exploitation of this\n flaw. (CVE-2011-2689, Moderate)\n\n - Local, unprivileged users could send signals via the\n sigqueueinfo system call, with si_code set to SI_TKILL\n and with spoofed process and user IDs, to other\n processes. This flaw does not allow existing permission\n checks to be bypassed; signals can only be sent if your\n privileges allow you to already do so. (CVE-2011-1182,\n Low)\n\n - Heap overflow in the EFI GUID Partition Table (GPT)\n implementation could allow a local attacker to cause a\n denial of service by mounting a disk containing crafted\n partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth\n implementation was not initialized properly before being\n copied to user-space, possibly allowing local,\n unprivileged users to leak kernel stack memory to\n user-space. (CVE-2011-2492, Low)\n\n - /proc/[PID]/io is world-readable by default. Previously,\n these files could be read without any further\n restrictions. A local, unprivileged user could read\n these files, belonging to other, possibly privileged\n processes to gather confidential information, such as\n the length of a password used in a process.\n (CVE-2011-2495, Low)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3053\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0e0261b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:52", "description": "Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSecurity issues :\n\n* Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially crafted request to a target system via Bluetooth. (CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.\n(CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service.\n(CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491;\nDan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-08-24T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:1189)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/55964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1189. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55964);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_bugtraq_id(47003, 47497, 47796, 48333, 48441, 48472, 48515, 48538, 48677, 48697, 48907, 49141);\n script_xref(name:\"RHSA\", value:\"2011:1189\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:1189)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues, various\nbugs, and add two enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSecurity issues :\n\n* Using PCI passthrough without interrupt remapping support allowed\nKVM guests to generate MSI interrupts and thus potentially inject\ntraps. A privileged guest user could use this flaw to crash the host\nor possibly escalate their privileges on the host. The fix for this\nissue can prevent PCI passthrough working and guests starting. Refer\nto Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-2491,\nImportant)\n\n* Integer underflow in the Bluetooth implementation could allow a\nremote attacker to cause a denial of service or escalate their\nprivileges by sending a specially crafted request to a target system\nvia Bluetooth. (CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration\ninterface implementation could allow a local user, who has the\nCAP_NET_ADMIN capability, to cause a denial of service or escalate\ntheir privileges on systems that have an active wireless interface.\n(CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file\nsystems could allow a local, unprivileged user to cause a denial of\nservice. (CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An\nattacker on the local network could use this flaw to send crafted\npackets to a target, possibly causing a denial of service.\n(CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* Race condition in the memory merging support (KSM) could allow a\nlocal, unprivileged user to cause a denial of service. KSM is off by\ndefault, but on systems running VDSM, or on KVM hosts, it is likely\nturned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user\nto cause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2\n(GFS2) implementation. If the file system was almost full, and a\nlocal, unprivileged user made an fallocate() request, it could result\nin a denial of service. Setting quotas to prevent users from using all\navailable disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo\nsystem call, with si_code set to SI_TKILL and with spoofed process and\nuser IDs, to other processes. This flaw does not allow existing\npermission checks to be bypassed; signals can only be sent if your\nprivileges allow you to already do so. (CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation\ncould allow a local attacker to cause a denial of service by mounting\na disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491;\nDan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan\nSweat for reporting CVE-2011-1576; Robert Swiecki for reporting\nCVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes\nof the Google Security Team for reporting CVE-2011-1182; Timo Warns\nfor reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for\nreporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting\nCVE-2011-2495.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2695\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1189\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1189\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1189\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:33:10", "description": "The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar.\n\nCVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.\n\nCVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance.\n\nCVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow.\nHowever, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition.\n\nCVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n\nCVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system.\n\nCVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.\n\nCVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.\n\nCVE-2011-1585: When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users.\n\nCVE-2011-1160: Kernel information via the TPM devices could by used by local attackers to read kernel memory.\n\nCVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code.\n\nCVE-2011-1180: In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory.\n\nCVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.\n\nCVE-2011-1013: A signedness issue in the drm ioctl handling could be used by local attackers to potentially overflow kernel buffers and execute code.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1479", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2496"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:preload-kmp-desktop", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_KERNEL-110726.NASL", "href": "https://www.tenable.com/plugins/nessus/75555", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-4931.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75555);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1479\", \"CVE-2011-1577\", \"CVE-2011-1585\", \"CVE-2011-1593\", \"CVE-2011-2182\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2496\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)\");\n script_summary(english:\"Check for the kernel-4931 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs\nand security issues.\n\nFollowing security issues have been fixed: CVE-2011-2495: The\n/proc/PID/io interface could be used by local attackers to gain\ninformation on other processes like number of password characters\ntyped or similar.\n\nCVE-2011-2484: The add_del_listener function in kernel/taskstats.c in\nthe Linux kernel did not prevent multiple registrations of exit\nhandlers, which allowed local users to cause a denial of service\n(memory and CPU consumption), and bypass the OOM Killer, via a crafted\napplication.\n\nCVE-2011-2491: A local unprivileged user able to access a NFS\nfilesystem could use file locking to deadlock parts of an nfs server\nunder some circumstance.\n\nCVE-2011-2496: The normal mmap paths all avoid creating a mapping\nwhere the pgoff inside the mapping could wrap around due to overflow.\nHowever, an expanding mremap() can take such a non-wrapping mapping\nand make it bigger and cause a wrapping condition.\n\nCVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions\n(in fs/partitions/ldm.c) contained bugs that could crash the kernel\nfor certain corrupted LDM partitions.\n\nCVE-2011-1479: A regression in inotify fix for a memory leak could\nlead to a double free corruption which could crash the system.\n\nCVE-2011-1593: Multiple integer overflows in the next_pidmap function\nin kernel/pid.c in the Linux kernel allowed local users to cause a\ndenial of service (system crash) via a crafted (1) getdents or (2)\nreaddir system call.\n\nCVE-2011-1020: The proc filesystem implementation in the Linux kernel\ndid not restrict access to the /proc directory tree of a process after\nthis process performs an exec of a setuid program, which allowed local\nusers to obtain sensitive information or cause a denial of service via\nopen, lseek, read, and write system calls.\n\nCVE-2011-1585: When using a setuid root mount.cifs, local users could\nhijack password protected mounted CIFS shares of other local users.\n\nCVE-2011-1160: Kernel information via the TPM devices could by used by\nlocal attackers to read kernel memory.\n\nCVE-2011-1577: The Linux kernel automatically evaluated partition\ntables of storage devices. The code for evaluating EFI GUID partitions\n(in fs/partitions/efi.c) contained a bug that causes a kernel oops on\ncertain corrupted GUID partition tables, which might be used by local\nattackers to crash the kernel or potentially execute code.\n\nCVE-2011-1180: In the IrDA module, length fields provided by a peer\nfor names and attributes may be longer than the destination array\nsizes and were not checked, this allowed local attackers (close to the\nirda port) to potentially corrupt memory.\n\nCVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not\nproperly validate data related to the AA resolve registers, which\nallowed local users to write to arbitrary memory locations associated\nwith (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table\n(GTT) via crafted values.\n\nCVE-2011-1013: A signedness issue in the drm ioctl handling could be\nused by local attackers to potentially overflow kernel buffers and\nexecute code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=584493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=595586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=673934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=676419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=680040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=683282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-extra-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-vanilla-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-syms-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-default-1.1_k2.6.34.10_0.2-19.1.24\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-desktop-1.1_k2.6.34.10_0.2-19.1.24\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:13", "description": "The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.43 and fixes various bugs and security issues.\n\nThe following security issues were fixed :\n\n - The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. (CVE-2011-2491)\n\n - Fixed a race between ksmd and other memory management code, which could result in a NULL ptr dereference and kernel crash. (CVE-2011-2183)\n\n - In both trigger_scan and sched_scan operations, we were checking for the SSID length before assigning the value correctly. Since the memory was just kzalloced, the check was always failing and SSID with over 32 characters were allowed to go through. This required CAP_NET_ADMIN privileges to be exploited.\n (CVE-2011-2517)\n\n - A malicious user or buggy application could inject diagnosing byte code and trigger an infinite loop in inet_diag_bc_audit(). (CVE-2011-2213)\n\n - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-1012 / CVE-2011-2182)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.\n (CVE-2011-1593)\n\n - The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. (CVE-2011-1020)\n\n - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585)\n\n - Kernel information via the TPM devices could by used by local attackers to read kernel memory. (CVE-2011-1160)\n\n - The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code.\n (CVE-2011-1577)\n\n - In a bluetooth ioctl, struct sco_conninfo has one padding byte in the end. Local variable cinfo of type sco_conninfo was copied to userspace with this uninizialized one byte, leading to an old stack contents leak. (CVE-2011-1078)\n\n - In a bluetooth ioctl, struct ca is copied from userspace. It was not checked whether the 'device' field was NULL terminated. This potentially leads to BUG() inside of alloc_netdev_mqs() and/or information leak by creating a device with a name made of contents of kernel stack. (CVE-2011-1079)\n\n - In ebtables rule loading, struct tmp is copied from userspace. It was not checked whether the 'name' field is NULL terminated. This may have lead to buffer overflow and passing contents of kernel stack as a module name to try_then_request_module() and, consequently, to modprobe commandline. It would be seen by all userspace processes. (CVE-2011-1080)\n\n - The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel on the x86_64 platform allowed remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. (CVE-2011-1173)\n\n - net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel did not place the expected '0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.\n (CVE-2011-1170)\n\n - net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel did not place the expected '0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.\n (CVE-2011-1171)\n\n - net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel did not place the expected '0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.\n (CVE-2011-1172)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - The bcm_release function in net/can/bcm.c in the Linux kernel did not properly validate a socket data structure, which allowed local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. (CVE-2011-1598)\n\n - The raw_release function in net/can/raw.c in the Linux kernel did not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. (CVE-2011-1748)", "cvss3": {}, "published": "2011-07-26T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4884 / 4888 / 4889)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1012", "CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1160", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1748", "CVE-2011-2182", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KERNEL-110718.NASL", "href": "https://www.tenable.com/plugins/nessus/55686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55686);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1012\", \"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1160\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1577\", \"CVE-2011-1585\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1748\", \"CVE-2011-2182\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n\n script_name(english:\"SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4884 / 4888 / 4889)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to\n2.6.32.43 and fixes various bugs and security issues.\n\nThe following security issues were fixed :\n\n - The normal mmap paths all avoid creating a mapping where\n the pgoff inside the mapping could wrap around due to\n overflow. However, an expanding mremap() can take such a\n non-wrapping mapping and make it bigger and cause a\n wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS\n filesystem could use file locking to deadlock parts of\n an nfs server under some circumstance. (CVE-2011-2491)\n\n - Fixed a race between ksmd and other memory management\n code, which could result in a NULL ptr dereference and\n kernel crash. (CVE-2011-2183)\n\n - In both trigger_scan and sched_scan operations, we were\n checking for the SSID length before assigning the value\n correctly. Since the memory was just kzalloced, the\n check was always failing and SSID with over 32\n characters were allowed to go through. This required\n CAP_NET_ADMIN privileges to be exploited.\n (CVE-2011-2517)\n\n - A malicious user or buggy application could inject\n diagnosing byte code and trigger an infinite loop in\n inet_diag_bc_audit(). (CVE-2011-2213)\n\n - The code for evaluating LDM partitions (in\n fs/partitions/ldm.c) contained bugs that could crash the\n kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-1012 / CVE-2011-2182)\n\n - Multiple integer overflows in the next_pidmap function\n in kernel/pid.c in the Linux kernel allowed local users\n to cause a denial of service (system crash) via a\n crafted (1) getdents or (2) readdir system call.\n (CVE-2011-1593)\n\n - The proc filesystem implementation in the Linux kernel\n did not restrict access to the /proc directory tree of a\n process after this process performs an exec of a setuid\n program, which allowed local users to obtain sensitive\n information or cause a denial of service via open,\n lseek, read, and write system calls. (CVE-2011-1020)\n\n - When using a setuid root mount.cifs, local users could\n hijack password protected mounted CIFS shares of other\n local users. (CVE-2011-1585)\n\n - Kernel information via the TPM devices could by used by\n local attackers to read kernel memory. (CVE-2011-1160)\n\n - The Linux kernel automatically evaluated partition\n tables of storage devices. The code for evaluating EFI\n GUID partitions (in fs/partitions/efi.c) contained a bug\n that causes a kernel oops on certain corrupted GUID\n partition tables, which might be used by local attackers\n to crash the kernel or potentially execute code.\n (CVE-2011-1577)\n\n - In a bluetooth ioctl, struct sco_conninfo has one\n padding byte in the end. Local variable cinfo of type\n sco_conninfo was copied to userspace with this\n uninizialized one byte, leading to an old stack contents\n leak. (CVE-2011-1078)\n\n - In a bluetooth ioctl, struct ca is copied from\n userspace. It was not checked whether the 'device' field\n was NULL terminated. This potentially leads to BUG()\n inside of alloc_netdev_mqs() and/or information leak by\n creating a device with a name made of contents of kernel\n stack. (CVE-2011-1079)\n\n - In ebtables rule loading, struct tmp is copied from\n userspace. It was not checked whether the 'name' field\n is NULL terminated. This may have lead to buffer\n overflow and passing contents of kernel stack as a\n module name to try_then_request_module() and,\n consequently, to modprobe commandline. It would be seen\n by all userspace processes. (CVE-2011-1080)\n\n - The econet_sendmsg function in net/econet/af_econet.c in\n the Linux kernel on the x86_64 platform allowed remote\n attackers to obtain potentially sensitive information\n from kernel stack memory by reading uninitialized data\n in the ah field of an Acorn Universal Networking (AUN)\n packet. (CVE-2011-1173)\n\n - net/ipv4/netfilter/arp_tables.c in the IPv4\n implementation in the Linux kernel did not place the\n expected '0' character at the end of string data in the\n values of certain structure members, which allowed local\n users to obtain potentially sensitive information from\n kernel memory by leveraging the CAP_NET_ADMIN capability\n to issue a crafted request, and then reading the\n argument to the resulting modprobe process.\n (CVE-2011-1170)\n\n - net/ipv4/netfilter/ip_tables.c in the IPv4\n implementation in the Linux kernel did not place the\n expected '0' character at the end of string data in the\n values of certain structure members, which allowed local\n users to obtain potentially sensitive information from\n kernel memory by leveraging the CAP_NET_ADMIN capability\n to issue a crafted request, and then reading the\n argument to the resulting modprobe process.\n (CVE-2011-1171)\n\n - net/ipv6/netfilter/ip6_tables.c in the IPv6\n implementation in the Linux kernel did not place the\n expected '0' character at the end of string data in the\n values of certain structure members, which allowed local\n users to obtain potentially sensitive information from\n kernel memory by leveraging the CAP_NET_ADMIN capability\n to issue a crafted request, and then reading the\n argument to the resulting modprobe process.\n (CVE-2011-1172)\n\n - Multiple integer overflows in the (1)\n agp_allocate_memory and (2) agp_create_user_memory\n functions in drivers/char/agp/generic.c in the Linux\n kernel before allowed local users to trigger buffer\n overflows, and consequently cause a denial of service\n (system crash) or possibly have unspecified other\n impact, via vectors related to calls that specify a\n large number of memory pages. (CVE-2011-1746)\n\n - Integer overflow in the agp_generic_insert_memory\n function in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - The bcm_release function in net/can/bcm.c in the Linux\n kernel did not properly validate a socket data\n structure, which allowed local users to cause a denial\n of service (NULL pointer dereference) or possibly have\n unspecified other impact via a crafted release\n operation. (CVE-2011-1598)\n\n - The raw_release function in net/can/raw.c in the Linux\n kernel did not properly validate a socket data\n structure, which allows local users to cause a denial of\n service (NULL pointer dereference) or possibly have\n unspecified other impact via a crafted release\n operation. (CVE-2011-1748)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=466279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=584493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=626119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=638985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=663513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=666423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=667226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=676601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=676602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=680040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=680845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=683107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=683282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=684297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=684472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=684852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=684927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=685226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=685276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=690683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=696107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=696586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1585.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1593.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1598.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1745.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1746.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1748.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2496.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2517.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 4884 / 4888 / 4889 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.43_0.4-0.14.8\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-extra-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-desktop-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-extra-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-extra-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-extra-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-desktop-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-extra-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"btrfs-kmp-default-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ext4dev-kmp-default-0_2.6.32.43_0.4-7.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-source-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-syms-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.32.43_0.4-7.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-xen-0_2.6.32.43_0.4-7.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.43_0.4-0.14.8\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-default-man-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.43_0.4-0.3.50\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.32.43_0.4-7.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.43_0.4-0.14.8\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.43-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.43-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:55", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1189 advisory.\n\n - kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. (CVE-2011-1182)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. (CVE-2011-1593)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. (CVE-2011-1776)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n (CVE-2011-2213)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. (CVE-2011-2517)\n\n - The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.\n (CVE-2011-2689)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2011-1189)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3880", "CVE-2011-1182", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf"], "id": "ORACLELINUX_ELSA-2011-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/68331", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-1189.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68331);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1182\",\n \"CVE-2011-1576\",\n \"CVE-2011-1593\",\n \"CVE-2011-1776\",\n \"CVE-2011-1898\",\n \"CVE-2011-2183\",\n \"CVE-2011-2213\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2497\",\n \"CVE-2011-2517\",\n \"CVE-2011-2689\",\n \"CVE-2011-2695\"\n );\n script_bugtraq_id(\n 47003,\n 47497,\n 47796,\n 48333,\n 48441,\n 48472,\n 48515,\n 48538,\n 48677,\n 48697,\n 48907,\n 49141\n );\n script_xref(name:\"RHSA\", value:\"2011:1189\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2011-1189)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2011-1189 advisory.\n\n - kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal\n sender via a sigqueueinfo system call. (CVE-2011-1182)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5\n and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor\n and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are\n processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a\n different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4\n allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir\n system call. (CVE-2011-1593)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size\n of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically\n proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive\n information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability\n than CVE-2011-1577. (CVE-2011-1776)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not\n have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI\n interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3,\n when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL\n pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not\n properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite\n loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an\n INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n (CVE-2011-2213)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel\n before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data\n structures, which allows local users to obtain potentially sensitive information from kernel memory via a\n crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in\n net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io\n files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by\n discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel\n before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have\n unspecified other impact via a small command-size value within the command header of a Logical Link\n Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users\n to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID\n value. (CVE-2011-2517)\n\n - The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the\n size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of\n service (BUG and system crash) by arranging for all resource groups to have too little free space.\n (CVE-2011-2689)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to\n cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a\n write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-1189.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2497\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-131.12.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-1189');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-131.12.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:36:01", "description": "Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.0.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSecurity fixes :\n\n* A flaw in the SCTP and DCCP implementations could allow a remote attacker to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important)\n\n* Flaws in the Management Module Support for Message Passing Technology (MPT) based controllers could allow a local, unprivileged user to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important)\n\n* A flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* A flaw in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges.\n(CVE-2011-2497, Important)\n\n* Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n* The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n* A local, unprivileged user could allocate large amounts of memory not visible to the OOM killer, causing a denial of service.\n(CVE-2010-4243, Moderate)\n\n* The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues.\n(CVE-2011-1020, Moderate)\n\n* A local, privileged user could possibly write arbitrary kernel memory via /sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate)\n\n* Inconsistency in the methods for allocating and freeing NFSv4 ACL data; CVE-2010-4250 fix caused a regression; a flaw in next_pidmap() and inet_diag_bc_audit(); flaws in the CAN implementation; a race condition in the memory merging support; a flaw in the taskstats subsystem; and the way mapping expansions were handled could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593, CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484, CVE-2011-2496, Moderate)\n\n* A flaw in GRO could result in a denial of service when a malformed VLAN frame is received. (CVE-2011-1478, Moderate)\n\n* napi_reuse_skb() could be called on VLAN packets allowing an attacker on the local network to possibly trigger a denial of service.\n(CVE-2011-1576, Moderate)\n\n* A denial of service could occur if packets were received while the ipip or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate)\n\n* Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low)\n\n* Flaws in the EFI GUID Partition Table implementation could allow a local attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low)\n\n* While a user has a CIFS share mounted that required successful authentication, a local, unprivileged user could mount that share without knowing the correct password if mount.cifs was setuid root.\n(CVE-2011-1585, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770, CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213;\nVasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495; Vasily Averin for reporting CVE-2011-2491; Brad Spengler for reporting CVE-2010-4243; Kees Cook for reporting CVE-2011-1020; Robert Swiecki for reporting CVE-2011-1593 and CVE-2011-2496; Oliver Hartkopp for reporting CVE-2011-1748; Andrea Righi for reporting CVE-2011-2183;\nRyan Sweat for reporting CVE-2011-1478 and CVE-2011-1576; Peter Huewe for reporting CVE-2011-1160; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-07-22T00:00:00", "type": "nessus", "title": "RHEL 6 : MRG (RHSA-2011:1253)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4243", "CVE-2010-4250", "CVE-2010-4526", "CVE-2011-1020", "CVE-2011-1021", "CVE-2011-1090", "CVE-2011-1160", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1748", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1770", "CVE-2011-1776", "CVE-2011-2022", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/76634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1253. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76634);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4243\", \"CVE-2010-4526\", \"CVE-2011-1020\", \"CVE-2011-1021\", \"CVE-2011-1090\", \"CVE-2011-1160\", \"CVE-2011-1478\", \"CVE-2011-1479\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1585\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1748\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1770\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2695\");\n script_bugtraq_id(45004, 45661, 46567, 46766, 46866, 47056, 47185, 47296, 47321, 47343, 47381, 47497, 47503, 47534, 47535, 47769, 47796, 47835, 47843, 47852, 47853, 48333, 48383, 48441, 48472, 48538, 48697, 48907, 49141, 49408);\n script_xref(name:\"RHSA\", value:\"2011:1253\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2011:1253)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix multiple security issues and\nvarious bugs are now available for Red Hat Enterprise MRG 2.0.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSecurity fixes :\n\n* A flaw in the SCTP and DCCP implementations could allow a remote\nattacker to cause a denial of service. (CVE-2010-4526, CVE-2011-1770,\nImportant)\n\n* Flaws in the Management Module Support for Message Passing\nTechnology (MPT) based controllers could allow a local, unprivileged\nuser to cause a denial of service, an information leak, or escalate\ntheir privileges. (CVE-2011-1494, CVE-2011-1495, Important)\n\n* Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(),\ncould allow a local user to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746,\nImportant)\n\n* A flaw in the client-side NLM implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-2491,\nImportant)\n\n* A flaw in the Bluetooth implementation could allow a remote attacker\nto cause a denial of service or escalate their privileges.\n(CVE-2011-2497, Important)\n\n* Flaws in the netlink-based wireless configuration interface could\nallow a local user, who has the CAP_NET_ADMIN capability, to cause a\ndenial of service or escalate their privileges on systems that have an\nactive wireless interface. (CVE-2011-2517, Important)\n\n* The maximum file offset handling for ext4 file systems could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2011-2695,\nImportant)\n\n* A local, unprivileged user could allocate large amounts of memory\nnot visible to the OOM killer, causing a denial of service.\n(CVE-2010-4243, Moderate)\n\n* The proc file system could allow a local, unprivileged user to\nobtain sensitive information or possibly cause integrity issues.\n(CVE-2011-1020, Moderate)\n\n* A local, privileged user could possibly write arbitrary kernel\nmemory via /sys/kernel/debug/acpi/custom_method. (CVE-2011-1021,\nModerate)\n\n* Inconsistency in the methods for allocating and freeing NFSv4 ACL\ndata; CVE-2010-4250 fix caused a regression; a flaw in next_pidmap()\nand inet_diag_bc_audit(); flaws in the CAN implementation; a race\ncondition in the memory merging support; a flaw in the taskstats\nsubsystem; and the way mapping expansions were handled could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2011-1090,\nCVE-2011-1479, CVE-2011-1593, CVE-2011-2213, CVE-2011-1598,\nCVE-2011-1748, CVE-2011-2183, CVE-2011-2484, CVE-2011-2496, Moderate)\n\n* A flaw in GRO could result in a denial of service when a malformed\nVLAN frame is received. (CVE-2011-1478, Moderate)\n\n* napi_reuse_skb() could be called on VLAN packets allowing an\nattacker on the local network to possibly trigger a denial of service.\n(CVE-2011-1576, Moderate)\n\n* A denial of service could occur if packets were received while the\nipip or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768,\nModerate)\n\n* Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495,\nLow)\n\n* Flaws in the EFI GUID Partition Table implementation could allow a\nlocal attacker to cause a denial of service. (CVE-2011-1577,\nCVE-2011-1776, Low)\n\n* While a user has a CIFS share mounted that required successful\nauthentication, a local, unprivileged user could mount that share\nwithout knowing the correct password if mount.cifs was setuid root.\n(CVE-2011-1585, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770,\nCVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213;\nVasiliy Kulikov of Openwall for reporting CVE-2011-1745,\nCVE-2011-2022, CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495; Vasily\nAverin for reporting CVE-2011-2491; Brad Spengler for reporting\nCVE-2010-4243; Kees Cook for reporting CVE-2011-1020; Robert Swiecki\nfor reporting CVE-2011-1593 and CVE-2011-2496; Oliver Hartkopp for\nreporting CVE-2011-1748; Andrea Righi for reporting CVE-2011-2183;\nRyan Sweat for reporting CVE-2011-1478 and CVE-2011-1576; Peter Huewe\nfor reporting CVE-2011-1160; Marek Kroemeke and Filip Palian for\nreporting CVE-2011-2492; and Timo Warns for reporting CVE-2011-1577\nand CVE-2011-1776.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2695\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5464fa08\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1253\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4243\", \"CVE-2010-4526\", \"CVE-2011-1020\", \"CVE-2011-1021\", \"CVE-2011-1090\", \"CVE-2011-1160\", \"CVE-2011-1478\", \"CVE-2011-1479\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1585\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1748\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1770\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2695\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1253\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1253\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.75.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-2.6.33.9-rt31.75.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:24", "description": "Update to kernel 2.6.35.14 :\n\nhttp://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.14\n\nNOTE: These upstream commits from 2.6.35.14 were already in the previous Fedora 14 kernel 2.6.35.13-92 :\n\nb934c20de1398d4a82d2ecfeb588a214a910f13f 3cd01976e702ccaffb907727caff4f8789353599 9c047157a20521cd525527947b13b950d168d2e6 6b4e81db2552bad04100e7d5ddeed7e848f53b48 3e9d08ec0a68f6faf718d5a7e050fe5ca0ba004f b522f02184b413955f3bc952e3776ce41edc6355 194b3da873fd334ef183806db751473512af29ce a1f74ae82d133ebb2aabb19d181944b4e83e9960 e9cdd343a5e42c43bcda01e609fa23089e026470 14fb57dccb6e1defe9f89a66f548fcb24c374c1d 221d1d797202984cb874e3ed9f1388593d34ee22 a294865978b701e4d0d90135672749531b9a900d\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-08-23T00:00:00", "type": "nessus", "title": "Fedora 14 : kernel-2.6.35.14-95.fc14 (2011-11103)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1598", "CVE-2011-1748", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2905"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-11103.NASL", "href": "https://www.tenable.com/plugins/nessus/55955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11103.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55955);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\");\n script_bugtraq_id(47503, 47835, 48333, 48383, 48472, 48538, 48697, 48802, 49140);\n script_xref(name:\"FEDORA\", value:\"2011-11103\");\n\n script_name(english:\"Fedora 14 : kernel-2.6.35.14-95.fc14 (2011-11103)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to kernel 2.6.35.14 :\n\nhttp://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.14\n\nNOTE: These upstream commits from 2.6.35.14 were already in the\nprevious Fedora 14 kernel 2.6.35.13-92 :\n\nb934c20de1398d4a82d2ecfeb588a214a910f13f\n3cd01976e702ccaffb907727caff4f8789353599\n9c047157a20521cd525527947b13b950d168d2e6\n6b4e81db2552bad04100e7d5ddeed7e848f53b48\n3e9d08ec0a68f6faf718d5a7e050fe5ca0ba004f\nb522f02184b413955f3bc952e3776ce41edc6355\n194b3da873fd334ef183806db751473512af29ce\na1f74ae82d133ebb2aabb19d181944b4e83e9960\ne9cdd343a5e42c43bcda01e609fa23089e026470\n14fb57dccb6e1defe9f89a66f548fcb24c374c1d\n221d1d797202984cb874e3ed9f1388593d34ee22\na294865978b701e4d0d90135672749531b9a900d\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog-2.6.35.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?13012155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=698057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=710338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=714536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=716805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=722557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=723429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=729808\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064393.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38ec6e06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"kernel-2.6.35.14-95.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T14:23:35", "description": "It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581)\n\nIt was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nBen Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on '/dev/zero' was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-2479)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nQianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-2942)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)\n\nA flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.\n(CVE-2011-3619)\n\nA flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637)\n\nScot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4250", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2182", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2479", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3619", "CVE-2011-3637", "CVE-2011-4087", "CVE-2011-4326", "CVE-2011-4914"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1256-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56768", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1256-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56768);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-4250\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2182\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-3619\", \"CVE-2011-3637\", \"CVE-2011-4087\", \"CVE-2011-4326\", \"CVE-2011-4914\");\n script_bugtraq_id(46567, 46616, 46793, 46866, 46935, 46980, 47056, 47296, 47308, 47321, 47343, 47381, 47768, 47796, 47852, 47853, 47926, 48101, 48333, 48347, 48383, 48441, 48472, 48538, 48641, 48677, 48697, 48802, 48804, 48907, 48929, 49108, 49140, 49141, 49408, 49411, 50314);\n script_xref(name:\"USN\", value:\"1256-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the /proc filesystem did not correctly handle\npermission changes when programs executed. A local attacker could hold\nopen files to examine details about programs running with higher\nprivileges, potentially increasing the chances of exploiting\nadditional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check\nthat name fields were NULL terminated. A local attacker could exploit\nthis to leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send\nspecially crafted network traffic that would crash the system, leading\nto a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nRyan Sweat discovered that the GRO code did not correctly validate\nmemory. In some configurations on systems using VLANs, a remote\nattacker could send specially crafted traffic to crash the system,\nleading to a denial of service. (CVE-2011-1478)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a\nregression. A remote attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not\ncorrectly handle certain fields. If a system was running with Rose\nenabled, a remote attacker could send specially crafted traffic to\ngain root privileges. (CVE-2011-1493)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP)\nimplementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the GUID partition parsing routines did not\ncorrectly validate certain structures. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem, leading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not\ncorrectly handle large queues. On some systems, a remote attacker\ncould send specially crafted traffic to crash the system, leading to a\ndenial of service. (CVE-2011-1581)\n\nIt was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ip_gre\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ipip\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1768)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A\nlocal attacker with access to a CIFS partition could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-1771)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nBen Hutchings reported a flaw in the kernel's handling of corrupt LDM\npartitions. A local user could exploit this to cause a denial of\nservice or escalate privileges. (CVE-2011-2182)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on\n'/dev/zero' was incorrectly handled. A local attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2011-2479)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly\nhandled. A local attacker could exploit this to exhaust memory and CPU\nresources, leading to a denial of service. (CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly\ninitialize structures. A local attacker could exploit this to read\nportions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root\ninodes. A local attacker could trigger the mount of a specially\ncrafted filesystem to cause the system to crash, leading to a denial\nof service. (CVE-2011-2493)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that GFS2 did not correctly check block sizes. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service. (CVE-2011-2689)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain\ncounters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2918)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nQianfeng Zhang discovered that the bridge networking interface\nincorrectly handled certain network packets. A remote attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-2942)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock\nimplementation. A local unprivileged attacker could exploit this\ncausing a denial of service. (CVE-2011-3209)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\n\nA flaw was discovered in the Linux kernel's AppArmor security\ninterface when invalid information was written to it. An unprivileged\nlocal user could use this to cause a denial of service on the system.\n(CVE-2011-3619)\n\nA flaw was found in the Linux kernel's /proc/*/*map* interface. A\nlocal, unprivileged user could exploit this flaw to cause a denial of\nservice. (CVE-2011-3637)\n\nScot Doyle discovered that the bridge networking interface incorrectly\nhandled certain network packets. A remote attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. (CVE-2011-4326)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP)\nlayer. A local user or a remote user on an X.25 network could exploit\nthese flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1256-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4250\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2182\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-3619\", \"CVE-2011-3637\", \"CVE-2011-4087\", \"CVE-2011-4326\", \"CVE-2011-4914\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1256-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-generic\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-generic-pae\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-server\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-virtual\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T14:37:28", "description": "Updated kernel packages that fix several security issues, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges.\n(CVE-2011-1746, Important)\n\n* A race condition flaw was found in the Linux kernel's eCryptfs implementation. A local attacker could use the mount.ecryptfs_private utility to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, the RHSA-2011:1241 ecryptfs-utils update, which provides the user-space part of the fix, must also be installed. (CVE-2011-1833, Moderate)\n\n* A denial of service flaw was found in the way the taskstats subsystem handled the registration of process exit handlers. A local, unprivileged user could register an unlimited amount of these handlers, leading to excessive CPU time and memory use.\n(CVE-2011-2484, Moderate)\n\n* A flaw was found in the way mapping expansions were handled. A local, unprivileged user could use this flaw to cause a wrapping condition, triggering a denial of service. (CVE-2011-2496, Moderate)\n\n* A flaw was found in the Linux kernel's Performance Events implementation. It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a lockup and panic the system. A local, unprivileged user could use this flaw to cause a denial of service (kernel panic) using the perf tool. (CVE-2011-2521, Moderate)\n\n* A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)\n\n* A flaw was found in the way the Linux kernel's Performance Events implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2918, Moderate)\n\n* A flaw was found in the Linux kernel's Trusted Platform Module (TPM) implementation. A local, unprivileged user could use this flaw to leak information to user-space. (CVE-2011-1160, Low)\n\n* Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in the Linux kernel. A local, unprivileged user could use these flaws to leak information to user-space. (CVE-2011-2898, Low)\n\nRed Hat would like to thank Vasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, and CVE-2011-2484; the Ubuntu Security Team for reporting CVE-2011-1833; Robert Swiecki for reporting CVE-2011-2496; Li Yu for reporting CVE-2011-2521; Brent Meshier for reporting CVE-2011-2723; and Peter Huewe for reporting CVE-2011-1160. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1833.\n\nThis update also fixes various bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2011-10-06T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:1350)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1160", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2521", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-2918"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1350.NASL", "href": "https://www.tenable.com/plugins/nessus/56404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1350. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56404);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\", \"CVE-2011-2022\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2521\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n script_bugtraq_id(46866, 47321, 47534, 47535, 47843, 48383, 48580, 48929, 49108, 49152);\n script_xref(name:\"RHSA\", value:\"2011:1350\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:1350)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues, various\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local user to cause a denial of service\nor escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\nImportant)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal user to cause a denial of service or escalate their privileges.\n(CVE-2011-1746, Important)\n\n* A race condition flaw was found in the Linux kernel's eCryptfs\nimplementation. A local attacker could use the mount.ecryptfs_private\nutility to mount (and then access) a directory they would otherwise\nnot have access to. Note: To correct this issue, the RHSA-2011:1241\necryptfs-utils update, which provides the user-space part of the fix,\nmust also be installed. (CVE-2011-1833, Moderate)\n\n* A denial of service flaw was found in the way the taskstats\nsubsystem handled the registration of process exit handlers. A local,\nunprivileged user could register an unlimited amount of these\nhandlers, leading to excessive CPU time and memory use.\n(CVE-2011-2484, Moderate)\n\n* A flaw was found in the way mapping expansions were handled. A\nlocal, unprivileged user could use this flaw to cause a wrapping\ncondition, triggering a denial of service. (CVE-2011-2496, Moderate)\n\n* A flaw was found in the Linux kernel's Performance Events\nimplementation. It could falsely lead the NMI (Non-Maskable Interrupt)\nWatchdog to detect a lockup and panic the system. A local,\nunprivileged user could use this flaw to cause a denial of service\n(kernel panic) using the perf tool. (CVE-2011-2521, Moderate)\n\n* A flaw in skb_gro_header_slow() in the Linux kernel could lead to\nGRO (Generic Receive Offload) fields being left in an inconsistent\nstate. An attacker on the local network could use this flaw to trigger\na denial of service. GRO is enabled by default in all network drivers\nthat support it. (CVE-2011-2723, Moderate)\n\n* A flaw was found in the way the Linux kernel's Performance Events\nimplementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A\nlocal, unprivileged user could use this flaw to cause a denial of\nservice. (CVE-2011-2918, Moderate)\n\n* A flaw was found in the Linux kernel's Trusted Platform Module (TPM)\nimplementation. A local, unprivileged user could use this flaw to leak\ninformation to user-space. (CVE-2011-1160, Low)\n\n* Flaws were found in the tpacket_rcv() and packet_recvmsg() functions\nin the Linux kernel. A local, unprivileged user could use these flaws\nto leak information to user-space. (CVE-2011-2898, Low)\n\nRed Hat would like to thank Vasiliy Kulikov of Openwall for reporting\nCVE-2011-1745, CVE-2011-2022, CVE-2011-1746, and CVE-2011-2484; the\nUbuntu Security Team for reporting CVE-2011-1833; Robert Swiecki for\nreporting CVE-2011-2496; Li Yu for reporting CVE-2011-2521; Brent\nMeshier for reporting CVE-2011-2723; and Peter Huewe for reporting\nCVE-2011-1160. The Ubuntu Security Team acknowledges Vasiliy Kulikov\nof Openwall and Dan Rosenberg as the original reporters of\nCVE-2011-1833.\n\nThis update also fixes various bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2918\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1241.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1241\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1350\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\", \"CVE-2011-2022\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2521\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1350\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1350\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-09T02:01:19", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1350 advisory.\n\n - The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. (CVE-2011-1160)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. (CVE-2011-1833)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. (CVE-2011-2484)\n\n - Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping. (CVE-2011-2496)\n\n - The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program. (CVE-2011-2521)\n\n - The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. (CVE-2011-2723)\n\n - net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. (CVE-2011-2898)\n\n - The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. (CVE-2011-2918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2011-1350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1160", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2521", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-2918"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf"], "id": "ORACLELINUX_ELSA-2011-1350.NASL", "href": "https://www.tenable.com/plugins/nessus/68364", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-1350.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68364);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1160\",\n \"CVE-2011-1745\",\n \"CVE-2011-1746\",\n \"CVE-2011-1833\",\n \"CVE-2011-2022\",\n \"CVE-2011-2484\",\n \"CVE-2011-2496\",\n \"CVE-2011-2521\",\n \"CVE-2011-2723\",\n \"CVE-2011-2898\",\n \"CVE-2011-2918\"\n );\n script_bugtraq_id(\n 46866,\n 47321,\n 47534,\n 47535,\n 47843,\n 48383,\n 48580,\n 48802,\n 48929,\n 48986,\n 49108,\n 49152\n );\n script_xref(name:\"RHSA\", value:\"2011:1350\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2011-1350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2011-1350 advisory.\n\n - The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a\n certain buffer, which allows local users to obtain potentially sensitive information from kernel memory\n via unspecified vectors. (CVE-2011-1160)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux\n kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash)\n via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in\n drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer\n overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other\n impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux\n kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private\n mount with a mismatched uid. (CVE-2011-1833)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5\n does not validate a certain start parameter, which allows local users to gain privileges or cause a denial\n of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than\n CVE-2011-1745. (CVE-2011-2022)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not\n prevent multiple registrations of exit handlers, which allows local users to cause a denial of service\n (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. (CVE-2011-2484)\n\n - Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows\n local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that\n expands a memory mapping. (CVE-2011-2496)\n\n - The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem\n in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to\n cause a denial of service (panic) via the perf program. (CVE-2011-2521)\n\n - The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when\n Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows\n remote attackers to cause a denial of service (system crash) via crafted network traffic. (CVE-2011-2723)\n\n - net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to\n certain packet data structures associated with VLAN Tag Control Information, which allows local users to\n obtain potentially sensitive information via a crafted application. (CVE-2011-2898)\n\n - The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows\n associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service\n (system hang) via a crafted application. (CVE-2011-2918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-1350.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2022\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-131.17.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-1350');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-131.17.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:27:12", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges.\n (CVE-2011-1745, CVE-2011-2022, Important)\n\n - An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n - A race condition flaw was found in the Linux kernel's eCryptfs implementation. A local attacker could use the mount.ecryptfs_private utility to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, a previous ecryptfs-utils update, which provides the user-space part of the fix, must also be installed. (CVE-2011-1833, Moderate)\n\n - A denial of service flaw was found in the way the taskstats subsystem handled the registration of process exit handlers. A local, unprivileged user could register an unlimited amount of these handlers, leading to excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n - A flaw was found in the way mapping expansions were handled. A local, unprivileged user could use this flaw to cause a wrapping condition, triggering a denial of service. (CVE-2011-2496, Moderate)\n\n - A flaw was found in the Linux kernel's Performance Events implementation. It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a lockup and panic the system. A local, unprivileged user could use this flaw to cause a denial of service (kernel panic) using the perf tool. (CVE-2011-2521, Moderate)\n\n - A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)\n\n - A flaw was found in the way the Linux kernel's Performance Events implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2918, Moderate)\n\n - A flaw was found in the Linux kernel's Trusted Platform Module (TPM) implementation. A local, unprivileged user could use this flaw to leak information to user-space.\n (CVE-2011-1160, Low)\n\n - Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in the Linux kernel. A local, unprivileged user could use these flaws to leak information to user-space. (CVE-2011-2898, Low)\n\nThis update also fixes various bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1160", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2521", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-2918"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111005_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61148);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2521\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - Flaws in the AGPGART driver implementation when handling\n certain IOCTL commands could allow a local user to cause\n a denial of service or escalate their privileges.\n (CVE-2011-1745, CVE-2011-2022, Important)\n\n - An integer overflow flaw in agp_allocate_memory() could\n allow a local user to cause a denial of service or\n escalate their privileges. (CVE-2011-1746, Important)\n\n - A race condition flaw was found in the Linux kernel's\n eCryptfs implementation. A local attacker could use the\n mount.ecryptfs_private utility to mount (and then\n access) a directory they would otherwise not have access\n to. Note: To correct this issue, a previous\n ecryptfs-utils update, which provides the user-space\n part of the fix, must also be installed. (CVE-2011-1833,\n Moderate)\n\n - A denial of service flaw was found in the way the\n taskstats subsystem handled the registration of process\n exit handlers. A local, unprivileged user could register\n an unlimited amount of these handlers, leading to\n excessive CPU time and memory use. (CVE-2011-2484,\n Moderate)\n\n - A flaw was found in the way mapping expansions were\n handled. A local, unprivileged user could use this flaw\n to cause a wrapping condition, triggering a denial of\n service. (CVE-2011-2496, Moderate)\n\n - A flaw was found in the Linux kernel's Performance\n Events implementation. It could falsely lead the NMI\n (Non-Maskable Interrupt) Watchdog to detect a lockup and\n panic the system. A local, unprivileged user could use\n this flaw to cause a denial of service (kernel panic)\n using the perf tool. (CVE-2011-2521, Moderate)\n\n - A flaw in skb_gro_header_slow() in the Linux kernel\n could lead to GRO (Generic Receive Offload) fields being\n left in an inconsistent state. An attacker on the local\n network could use this flaw to trigger a denial of\n service. GRO is enabled by default in all network\n drivers that support it. (CVE-2011-2723, Moderate)\n\n - A flaw was found in the way the Linux kernel's\n Performance Events implementation handled\n PERF_COUNT_SW_CPU_CLOCK counter overflow. A local,\n unprivileged user could use this flaw to cause a denial\n of service. (CVE-2011-2918, Moderate)\n\n - A flaw was found in the Linux kernel's Trusted Platform\n Module (TPM) implementation. A local, unprivileged user\n could use this flaw to leak information to user-space.\n (CVE-2011-1160, Low)\n\n - Flaws were found in the tpacket_rcv() and\n packet_recvmsg() functions in the Linux kernel. A local,\n unprivileged user could use these flaws to leak\n information to user-space. (CVE-2011-2898, Low)\n\nThis update also fixes various bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. The system must be\nrebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=443\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b64db1a1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:21", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2037 advisory.\n\n - The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. (CVE-2011-1020)\n\n - Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.\n (CVE-2011-1577)\n\n - The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. (CVE-2011-1585)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. (CVE-2011-2495)\n\n - The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. (CVE-2011-2525)\n\n - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638)\n\n - The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and updating a negative key into a fully instantiated key. (CVE-2011-4110)\n\n - Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field. (CVE-2011-4330)\n\n - The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. (CVE-2011-2707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2037)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-2182", "CVE-2011-2495", "CVE-2011-2525", "CVE-2011-2707", "CVE-2011-2909", "CVE-2011-3347", "CVE-2011-3638", "CVE-2011-4110", "CVE-2011-4330"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el6uekdebug"], "id": "ORACLELINUX_ELSA-2011-2037.NASL", "href": "https://www.tenable.com/plugins/nessus/68425", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2037.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68425);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1017\",\n \"CVE-2011-1020\",\n \"CVE-2011-1577\",\n \"CVE-2011-1585\",\n \"CVE-2011-2182\",\n \"CVE-2011-2495\",\n \"CVE-2011-2525\",\n \"CVE-2011-2707\",\n \"CVE-2011-2909\",\n \"CVE-2011-3347\",\n \"CVE-2011-3638\",\n \"CVE-2011-4110\",\n \"CVE-2011-4330\"\n );\n script_bugtraq_id(\n 46512,\n 46567,\n 47343,\n 47381,\n 48641,\n 48817,\n 49408,\n 49411,\n 50312,\n 50322,\n 50750,\n 50755\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2011-2037 advisory.\n\n - The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the\n /proc directory tree of a process after this process performs an exec of a setuid program, which allows\n local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write\n system calls. (CVE-2011-1020)\n\n - Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38\n and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have\n unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.\n (CVE-2011-1577)\n\n - The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly\n determine the associations between users and sessions, which allows local users to bypass CIFS share\n authentication by leveraging a mount of a share by a different user. (CVE-2011-1585)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io\n files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by\n discovering the length of another user's password. (CVE-2011-2495)\n\n - The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent\n tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local\n users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other\n impact via a crafted call. (CVE-2011-2525)\n\n - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases\n of extent splitting, which allows local users to cause a denial of service (system crash) via vectors\n involving ext4 umount and mount operations. (CVE-2011-3638)\n\n - The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to\n cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined\n key and updating a negative key into a fully instantiated key. (CVE-2011-4110)\n\n - Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows\n local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with\n a crafted len field. (CVE-2011-4330)\n\n - The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not\n validate user-space pointers, which allows local users to obtain sensitive information from kernel memory\n locations via a crafted PTRACE_SETXTREGS request. (CVE-2011-2707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-2037.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-300.3.1.el5uek', '2.6.32-300.3.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-2037');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-300.3.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-300.3.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-300.3.1.el5uek-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el5uek-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-300.3.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-300.3.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-300.3.1.el6uek-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el6uek-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:33:10", "description": "The openSUSE 11.3 kernel was updated to fix various bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.\n\nCVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the Linux kernels packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could have used this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n\nCVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-1576: The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\\0' character.\n\nCVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.\n\nCVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.\n\nCVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory.\n\nCVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel.\n\nCVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3880", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1770", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2525", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-4081", "CVE-2011-4604"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:preload-kmp-desktop", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_KERNEL-120104.NASL", "href": "https://www.tenable.com/plugins/nessus/75557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-5605.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75557);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3880\", \"CVE-2011-1478\", \"CVE-2011-1576\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-4081\", \"CVE-2011-4604\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)\");\n script_summary(english:\"Check for the kernel-5605 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.3 kernel was updated to fix various bugs and security\nissues.\n\nFollowing security issues have been fixed: CVE-2011-4604: If root does\nread() on a specific socket, it's possible to corrupt (kernel) memory\nover network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol\nis used.\n\nCVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the\nLinux kernels packet scheduler API implementation to be called on\nbuilt-in qdisc structures. A local, unprivileged user could have used\nthis flaw to trigger a NULL pointer dereference, resulting in a denial\nof service.\n\nCVE-2011-2699: Fernando Gont discovered that the IPv6 stack used\npredictable fragment identification numbers. A remote attacker could\nexploit this to exhaust network resources, leading to a denial of\nservice.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c\nin the Linux kernel did not properly audit INET_DIAG bytecode, which\nallowed local users to cause a denial of service (kernel infinite\nloop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\nmessage, as demonstrated by an INET_DIAG_BC_JMP instruction with a\nzero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-1576: The Generic Receive Offload (GRO) implementation in the\nLinux kernel allowed remote attackers to cause a denial of service via\ncrafted VLAN packets that are processed by the napi_reuse_skb\nfunction, leading to (1) a memory leak or (2) memory corruption, a\ndifferent vulnerability than CVE-2011-1478.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in\nnet/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have\nallowed local users to cause a denial of service or have unspecified\nother impact via a crafted write operation, related to string data\nthat lacks a terminating '\\0' character.\n\nCVE-2011-1770: Integer underflow in the dccp_parse_options function\n(net/dccp/options.c) in the Linux kernel allowed remote attackers to\ncause a denial of service via a Datagram Congestion Control Protocol\n(DCCP) packet with an invalid feature options length, which triggered\na buffer over-read.\n\nCVE-2011-2723: The skb_gro_header_slow function in\ninclude/linux/netdevice.h in the Linux kernel, when Generic Receive\nOffload (GRO) is enabled, reset certain fields in incorrect\nsituations, which allowed remote attackers to cause a denial of\nservice (system crash) via crafted network traffic.\n\nCVE-2011-2898: A kernel information leak in the AF_PACKET protocol was\nfixed which might have allowed local attackers to read kernel memory.\n\nCVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs\nfilesystems was fixed which could be used by local attackers to crash\nthe kernel.\n\nCVE-2011-4081: Using the crypto interface a local user could Oops the\nkernel by writing to a AF_ALG socket.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=710235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-extra-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-vanilla-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-syms-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-default-1.1_k2.6.34.10_0.6-19.1.37\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-desktop-1.1_k2.6.34.10_0.6-19.1.37\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:19:26", "description": "This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.\n\nThis update fixes the following security issues :\n\n - X.25 remote DoS. (CVE-2010-3873). (bnc#651219)\n\n - X.25 remote Dos. (CVE-2010-4164). (bnc#653260)\n\n - 1 socket local DoS. (CVE-2010-4249). (bnc#655696)\n\n - ebtables infoleak. (CVE-2011-1080). (bnc#676602)\n\n - netfilter: arp_tables infoleak to userspace.\n (CVE-2011-1170). (bnc#681180)\n\n - netfilter: ip_tables infoleak to userspace.\n (CVE-2011-1171). (bnc#681181)\n\n - netfilter: ip6_tables infoleak to userspace.\n (CVE-2011-1172). (bnc#681185)\n\n - econet 4 byte infoleak. (CVE-2011-1173). (bnc#681186)\n\n - hfs NULL pointer dereference. (CVE-2011-2203).\n (bnc#699709)\n\n - inet_diag infinite loop. (CVE-2011-2213). (bnc#700879)\n\n - netfilter: ipt_CLUSTERIP buffer overflow.\n (CVE-2011-2534). (bnc#702037)\n\n - ipv6: make fragment identifications less predictable.\n (CVE-2011-2699). (bnc#707288)\n\n - clock_gettime() panic. (CVE-2011-3209). (bnc#726064)\n\n - qdisc NULL dereference (CVE-2011-2525) This update also fixes the following non-security issues:. (bnc#735612)\n\n - New timesource for VMware platform. (bnc#671124)\n\n - usblp crashes after the printer is unplugged for the second time. (bnc#673343)\n\n - Data corruption with mpt2sas driver. (bnc#704253)\n\n - NIC Bond no longer works when booting the XEN kernel.\n (bnc#716437)\n\n - 'reboot=b' kernel command line hangs system on reboot.\n (bnc#721267)\n\n - kernel panic at iscsi_xmitwork function. (bnc#721351)\n\n - NFS supplementary group permissions. (bnc#725878)\n\n - IBM LTC System z Maintenance Kernel Patches (#59).\n (bnc#726843)\n\n - NFS slowness. (bnc#727597)\n\n - IBM LTC System z maintenance kernel patches (#60).\n (bnc#728341)\n\n - propagate MAC-address to VLAN-interface. (bnc#729117)\n\n - ipmi deadlock in start_next_msg. (bnc#730749)\n\n - ext3 filesystem corruption after crash. (bnc#731770)\n\n - IBM LTC System z maintenance kernel patches (#61).\n (bnc#732375)\n\n - hangs when offlining a CPU core. (bnc#733407)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-01-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7918)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3873", "CVE-2010-4164", "CVE-2010-4249", "CVE-2011-1080", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2525", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-3209"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7918.NASL", "href": "https://www.tenable.com/plugins/nessus/57659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57659);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3873\", \"CVE-2010-4164\", \"CVE-2010-4249\", \"CVE-2011-1080\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-3209\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7918)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel update fixes various security issues and bugs in the\nSUSE Linux Enterprise 10 SP4 kernel.\n\nThis update fixes the following security issues :\n\n - X.25 remote DoS. (CVE-2010-3873). (bnc#651219)\n\n - X.25 remote Dos. (CVE-2010-4164). (bnc#653260)\n\n - 1 socket local DoS. (CVE-2010-4249). (bnc#655696)\n\n - ebtables infoleak. (CVE-2011-1080). (bnc#676602)\n\n - netfilter: arp_tables infoleak to userspace.\n (CVE-2011-1170). (bnc#681180)\n\n - netfilter: ip_tables infoleak to userspace.\n (CVE-2011-1171). (bnc#681181)\n\n - netfilter: ip6_tables infoleak to userspace.\n (CVE-2011-1172). (bnc#681185)\n\n - econet 4 byte infoleak. (CVE-2011-1173). (bnc#681186)\n\n - hfs NULL pointer dereference. (CVE-2011-2203).\n (bnc#699709)\n\n - inet_diag infinite loop. (CVE-2011-2213). (bnc#700879)\n\n - netfilter: ipt_CLUSTERIP buffer overflow.\n (CVE-2011-2534). (bnc#702037)\n\n - ipv6: make fragment identifications less predictable.\n (CVE-2011-2699). (bnc#707288)\n\n - clock_gettime() panic. (CVE-2011-3209). (bnc#726064)\n\n - qdisc NULL dereference (CVE-2011-2525) This update also\n fixes the following non-security issues:. (bnc#735612)\n\n - New timesource for VMware platform. (bnc#671124)\n\n - usblp crashes after the printer is unplugged for the\n second time. (bnc#673343)\n\n - Data corruption with mpt2sas driver. (bnc#704253)\n\n - NIC Bond no longer works when booting the XEN kernel.\n (bnc#716437)\n\n - 'reboot=b' kernel command line hangs system on reboot.\n (bnc#721267)\n\n - kernel panic at iscsi_xmitwork function. (bnc#721351)\n\n - NFS supplementary group permissions. (bnc#725878)\n\n - IBM LTC System z Maintenance Kernel Patches (#59).\n (bnc#726843)\n\n - NFS slowness. (bnc#727597)\n\n - IBM LTC System z maintenance kernel patches (#60).\n (bnc#728341)\n\n - propagate MAC-address to VLAN-interface. (bnc#729117)\n\n - ipmi deadlock in start_next_msg. (bnc#730749)\n\n - ext3 filesystem corruption after crash. (bnc#731770)\n\n - IBM LTC System z maintenance kernel patches (#61).\n (bnc#732375)\n\n - hangs when offlining a CPU core. (bnc#733407)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4249.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2203.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2534.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2699.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3209.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7918.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.93.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:23:30", "description": "This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.\n\nThis update fixes the following security issues :\n\n - X.25 remote DoS. (CVE-2010-3873). (bnc#651219)\n\n - X.25 remote Dos. (CVE-2010-4164). (bnc#653260)\n\n - 1 socket local DoS. (CVE-2010-4249). (bnc#655696)\n\n - ebtables infoleak. (CVE-2011-1080). (bnc#676602)\n\n - netfilter: arp_tables infoleak to userspac