## Releases
* Ubuntu 10.04
## Packages
* linux-lts-backport-oneiric - Linux kernel backport from Oneiric
Nick Bowler discovered that the kernel's GHASH message digest algorithm
incorrectly handled error conditions. A local attacker could exploit this
to cause a kernel oops, resulting in a denial of service (CVE-2011-4081).
{"nessus": [{"lastseen": "2023-01-11T14:39:21", "description": "Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-06T00:00:00", "type": "nessus", "title": "USN-1287-1 : linux-ti-omap4 vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4081"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1287-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57024", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1287-1. 
It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57024);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-4081\");\n script_xref(name:\"USN\", value:\"1287-1\");\n\n script_name(english:\"USN-1287-1 : linux-ti-omap4 vulnerability\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1287-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/06\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. 
/ NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-1206-omap4\", pkgver:\"3.0.0-1206.13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:39:57", "description": "Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-20T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerability (USN-1313-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4081"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1313-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57344", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1313-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57344);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4081\");\n script_xref(name:\"USN\", value:\"1313-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerability (USN-1313-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1313-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-4081\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1313-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-14-generic\", pkgver:\"3.0.0-14.23~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-14-generic-pae\", pkgver:\"3.0.0-14.23~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-14-server\", pkgver:\"3.0.0-14.23~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-14-virtual\", pkgver:\"3.0.0-14.23~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.0-generic / linux-image-3.0-generic-pae / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:58:32", "description": "The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.\n\nBuffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service 
(memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.\n\ncrypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2011-22)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1083", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:perf", 
"cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-22.NASL", "href": "https://www.tenable.com/plugins/nessus/69581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-22.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69581);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2011-1083\", \"CVE-2011-4077\", \"CVE-2011-4081\");\n script_xref(name:\"ALAS\", value:\"2011-22\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2011-22)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The epoll implementation in the Linux kernel 2.6.37.2 and earlier does\nnot properly traverse a tree of epoll file descriptors, which allows\nlocal users to cause a denial of service (CPU consumption) via a\ncrafted application that makes epoll_create and epoll_ctl system\ncalls.\n\nBuffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c\nin XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled,\nallows local users to cause a denial of service (memory corruption and\ncrash) and possibly execute arbitrary code via an XFS image containing\na symbolic link with a long pathname.\n\ncrypto/ghash-generic.c in the Linux kernel before 3.1 allows local\nusers to cause a denial of service (NULL pointer dereference and OOPS)\nor possibly have unspecified other impact by triggering a failed or\nmissing ghash_setkey function call, followed by a (1) ghash_update\nfunction call or (2) ghash_final function call, as demonstrated by a\nwrite operation on an AF_ALG socket.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-22.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-2.6.35.14-103.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-2.6.35.14-103.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.35.14-103.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.35.14-103.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-2.6.35.14-103.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-2.6.35.14-103.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-2.6.35.14-103.47.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-2.6.35.14-103.47.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:59", "description": "A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-20T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : linux vulnerabilities (USN-1312-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1312-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1312-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57343);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_bugtraq_id(50370, 50663, 50750);\n script_xref(name:\"USN\", value:\"1312-1\");\n\n script_name(english:\"Ubuntu 11.04 : linux vulnerabilities (USN-1312-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-4132)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1312-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1312-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-generic\", pkgver:\"2.6.38-13.53\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-generic-pae\", pkgver:\"2.6.38-13.53\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-server\", pkgver:\"2.6.38-13.53\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-versatile\", pkgver:\"2.6.38-13.53\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-virtual\", pkgver:\"2.6.38-13.53\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:11", "description": "A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1301-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1301-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57302", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1301-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57302);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_xref(name:\"USN\", value:\"1301-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1301-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-4132)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1301-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1301-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-generic\", pkgver:\"2.6.38-13.53~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-generic-pae\", pkgver:\"2.6.38-13.53~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-server\", pkgver:\"2.6.38-13.53~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-virtual\", pkgver:\"2.6.38-13.53~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:51", "description": "Security update for various 
issues.\n----------------------------------------------------------------------\n-----=\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-11-07T00:00:00", "type": "nessus", "title": "Fedora 14 : kernel-2.6.35.14-103.fc14 (2011-15241)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1083", "CVE-2011-1160", "CVE-2011-1162", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-15241.NASL", "href": "https://www.tenable.com/plugins/nessus/56721", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-15241.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56721);\n 
script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1083\", \"CVE-2011-1160\", \"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\");\n script_bugtraq_id(46630, 50366, 50370);\n script_xref(name:\"FEDORA\", value:\"2011-15241\");\n\n script_name(english:\"Fedora 14 : kernel-2.6.35.14-103.fc14 (2011-15241)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update for various issues.\n----------------------------------------------------------------------\n-----=\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=748668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=749166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=749484\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/068760.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fb020a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"kernel-2.6.35.14-103.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:53", "description": "A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-09T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux vulnerabilities (USN-1293-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1293-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57057", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1293-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57057);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_xref(name:\"USN\", value:\"1293-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux vulnerabilities (USN-1293-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1293-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1293-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-generic\", pkgver:\"2.6.35-31.63\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-generic-pae\", pkgver:\"2.6.35-31.63\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-server\", pkgver:\"2.6.35-31.63\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-versatile\", pkgver:\"2.6.35-31.63\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-virtual\", pkgver:\"2.6.35-31.63\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n 
port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:57", "description": "A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-09T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1292-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1292-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57056", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1292-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57056);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_xref(name:\"USN\", value:\"1292-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1292-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1292-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1292-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-generic\", pkgver:\"2.6.35-31.63~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-generic-pae\", pkgver:\"2.6.35-31.63~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-server\", pkgver:\"2.6.35-31.63~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-virtual\", pkgver:\"2.6.35-31.63~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:51", "description": "A bug was discovered in the XFS filesystem's 
handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way the headroom check was performed in the udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted, a local user could crash the system or gain root privileges. (CVE-2011-4330)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "USN-1302-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", 
"CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1302-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57303", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1302-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57303);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_xref(name:\"USN\", value:\"1302-1\");\n\n script_name(english:\"USN-1302-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"A bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw\nto crash the system. 
(CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. (CVE-2011-4330)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1302-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-903-omap4\", pkgver:\"2.6.35-903.28\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:40", "description": "Peter Huewe discovered an 
information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1299-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1162", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1299-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57300", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1299-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57300);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_bugtraq_id(50366, 50370, 50663, 50750, 50751, 50764);\n script_xref(name:\"USN\", value:\"1299-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1299-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Peter Huewe discovered an information leak in the handling of reading\nsecurity-related TPM data. A local, unprivileged user could read the\nresults of a previous TPM command. (CVE-2011-1162)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. 
(CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1299-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1299-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-341-ec2\", pkgver:\"2.6.32-341.42\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:20:18", "description": "Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-01-10T00:00:00", "type": "nessus", "title": "Ubuntu 11.10 : linux vulnerability (USN-1322-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2203", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1322-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1322-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57467);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2203\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4110\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_bugtraq_id(48236, 50366, 50370, 50663, 50750, 50755);\n script_xref(name:\"USN\", value:\"1322-1\");\n\n script_name(english:\"Ubuntu 11.10 : linux vulnerability (USN-1322-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1322-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2203\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4110\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1322-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-14-generic\", pkgver:\"3.0.0-14.23\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-14-generic-pae\", pkgver:\"3.0.0-14.23\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-14-server\", pkgver:\"3.0.0-14.23\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-14-virtual\", pkgver:\"3.0.0-14.23\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-15-generic\", pkgver:\"3.0.0-15.25\")) flag++;\nif 
(ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-15-generic-pae\", pkgver:\"3.0.0-15.25\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-15-server\", pkgver:\"3.0.0-15.25\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-15-virtual\", pkgver:\"3.0.0-15.25\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.0-generic / linux-image-3.0-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:58", "description": "Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. 
(CVE-2011-4330).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1303-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1162", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1303-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1303-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57304);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_bugtraq_id(50764);\n script_xref(name:\"USN\", value:\"1303-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1303-1)\");\n script_summary(english:\"Checks dpkg output for updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Peter Huewe discovered an information leak in the handling of reading\nsecurity-related TPM data. A local, unprivileged user could read the\nresults of a previous TPM command. (CVE-2011-1162)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. 
(CVE-2011-4330).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6.32-421-dove package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/Ubuntu/release\") ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.32-421-dove\", pkgver:\"2.6.32-421.39\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:51", "description": "Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-20T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1311-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1162", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1311-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57342", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1311-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57342);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_bugtraq_id(50370, 50663, 50750, 50751, 50764);\n script_xref(name:\"USN\", value:\"1311-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1311-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Peter Huewe discovered an information leak in the handling of reading\nsecurity-related TPM data. A local, unprivileged user could read the\nresults of a previous TPM command. (CVE-2011-1162)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. 
(CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. (CVE-2011-4330).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1311-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1311-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-37-386\", pkgver:\"2.6.32-37.81\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-37-generic\", pkgver:\"2.6.32-37.81\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-37-generic-pae\", pkgver:\"2.6.32-37.81\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-37-lpia\", pkgver:\"2.6.32-37.81\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-37-preempt\", pkgver:\"2.6.32-37.81\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-37-server\", pkgver:\"2.6.32-37.81\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-37-versatile\", pkgver:\"2.6.32-37.81\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-37-virtual\", pkgver:\"2.6.32-37.81\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2023-01-11T14:39:56", "description": "A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)\n\nScot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-4087)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way the headroom check was performed in the udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted, a local user could crash the system or gain root privileges. 
(CVE-2011-4330)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "USN-1304-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1304-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57305", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1304-1. 
It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57305);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_xref(name:\"USN\", value:\"1304-1\");\n\n script_name(english:\"USN-1304-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"A bug was discovered in the XFS filesystem's handling of pathnames. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm\nincorrectly handled error conditions. A local attacker could exploit\nthis to cause a kernel oops. (CVE-2011-4081)\n\nScot Doyle discovered that the bridge networking interface\nincorrectly handled certain network packets. A remote attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-4087)\n\nA flaw was found in the Journaling Block Device (JBD). A local\nattacker able to mount ext3 or ext4 file systems could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw\nto crash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds\nchecking. 
When a malformed HFS file system is mounted a local user\ncould crash the system or gain root privileges. (CVE-2011-4330)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1304-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-1209-omap4\", pkgver:\"2.6.38-1209.18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:14", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the 
ELSA-2012-2003 advisory.\n\n - crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. (CVE-2011-4081)\n\n - The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. (CVE-2011-4347)\n\n - Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. (CVE-2012-0038)\n\n - The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.\n (CVE-2012-0045)\n\n - The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. (CVE-2012-0207)\n\n - Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. 
(CVE-2011-4077)\n\n - The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an invalid log first block value. (CVE-2011-4132)\n\n - The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. (CVE-2011-4622)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2003)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207"], 
"modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el5uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el5uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el6uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el6uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el6uekdebug"], "id": "ORACLELINUX_ELSA-2012-2003.NASL", "href": "https://www.tenable.com/plugins/nessus/68669", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2012-2003.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68669);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-4077\",\n \"CVE-2011-4081\",\n \"CVE-2011-4132\",\n \"CVE-2011-4347\",\n \"CVE-2011-4622\",\n \"CVE-2012-0038\",\n \"CVE-2012-0045\",\n \"CVE-2012-0207\"\n );\n script_bugtraq_id(\n 50366,\n 50370,\n 50663,\n 50811,\n 51172,\n 51343,\n 51380,\n 51389\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has 
packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2012-2003 advisory.\n\n - crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service\n (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or\n missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final\n function call, as demonstrated by a write operation on an AF_ALG socket. (CVE-2011-4081)\n\n - The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux\n kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which\n allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a\n KVM_ASSIGN_PCI_DEVICE operation. (CVE-2011-4347)\n\n - Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9\n allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to\n a heap-based buffer overflow. (CVE-2012-0038)\n\n - The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before\n 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a\n denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.\n (CVE-2012-0045)\n\n - The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers\n to cause a denial of service (divide-by-zero error and panic) via IGMP packets. 
(CVE-2012-0207)\n\n - Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when\n CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and\n crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long\n pathname. (CVE-2011-4077)\n\n - The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel\n 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4\n image with an invalid log first block value. (CVE-2011-4132)\n\n - The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not\n properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt\n controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer\n dereference) by starting a timer. 
(CVE-2011-4622)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2012-2003.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-300.11.1.el5uek', '2.6.32-300.11.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2012-2003');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum 
fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-300.11.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-300.11.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.11.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.11.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.11.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.11.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.11.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.11.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-300.11.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-300.11.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.11.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.11.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'mlnx_en-2.6.32-300.11.1.el5uek-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.11.1.el5uek-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.11.1.el5uekdebug-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.11.1.el5uekdebug-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.11.1.el5uek-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.11.1.el5uek-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.11.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.11.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-300.11.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-300.11.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.11.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.11.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.11.1.el6uek', 'cpu':'i686', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.11.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.11.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.11.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-300.11.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-300.11.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.11.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.11.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'mlnx_en-2.6.32-300.11.1.el6uek-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.11.1.el6uek-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.11.1.el6uekdebug-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.11.1.el6uekdebug-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.11.1.el6uek-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.11.1.el6uek-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.11.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.11.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", 
"cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:39:21", "description": "Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nQianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-2942)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this to cause a denial of service. (CVE-2011-3209)\n\nZheng Liu discovered a flaw in how the ext4 filesystem splits extents.\nA local unprivileged attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-3638)\n\nScot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way the headroom check was performed in the udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-09T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1162", "CVE-2011-2494", "CVE-2011-2942", "CVE-2011-3209", "CVE-2011-3638", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4326"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1294-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57058", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1294-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57058);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-2494\", \"CVE-2011-2942\", \"CVE-2011-3209\", \"CVE-2011-3638\", \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4326\");\n script_bugtraq_id(50311, 50313, 50314, 50322, 50366, 50751, 50764);\n script_xref(name:\"USN\", value:\"1294-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Peter Huewe discovered an information leak in the handling of reading\nsecurity-related TPM data. A local, unprivileged user could read the\nresults of a previous TPM command. (CVE-2011-1162)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nQianfeng Zhang discovered that the bridge networking interface\nincorrectly handled certain network packets. A remote attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-2942)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock\nimplementation. A local unprivileged attacker could exploit this\ncausing a denial of service. (CVE-2011-3209)\n\nZheng Liu discovered a flaw in how the ext4 filesystem splits extents.\nA local unprivileged attacker could exploit this to crash the system,\nleading to a denial of service. 
(CVE-2011-3638)\n\nScot Doyle discovered that the bridge networking interface incorrectly\nhandled certain network packets. A remote attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. (CVE-2011-4326).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1294-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2011/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1162\", \"CVE-2011-2494\", \"CVE-2011-2942\", \"CVE-2011-3209\", \"CVE-2011-3638\", \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4326\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1294-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-13-generic\", pkgver:\"3.0.0-13.22~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-13-generic-pae\", pkgver:\"3.0.0-13.22~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-13-server\", pkgver:\"3.0.0-13.22~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-13-virtual\", pkgver:\"3.0.0-13.22~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.0-generic / linux-image-3.0-generic-pae / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:39:55", "description": "Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. 
A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-12-05T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": 
["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1286-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1286-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57005);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_bugtraq_id(47321, 48538, 48641, 49141, 50366, 50370, 50663, 50750, 50751);\n script_xref(name:\"USN\", value:\"1286-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. 
(CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1286-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1286-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-386\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-generic\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-generic-pae\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-lpia\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-preempt\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-server\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-versatile\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-virtual\", pkgver:\"2.6.32-36.79\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 
7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:58:09", "description": "A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names.\nA local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, Moderate)\n\nFlaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\nA flaw was found in the Linux kernel's Journaling Block Device (JBD).\nA local, unprivileged user could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\nIt was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not.\nA local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347, Moderate)\n\nTwo flaws were found in the way the Linux kernel's __sys_sendmsg() function, when invoked via the sendmmsg() system call, accessed user-space memory. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2011-4594, Moderate)\n\nA previous update introduced an integer overflow flaw in the Linux kernel. On PowerPC systems, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4611, Moderate)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A local, unprivileged user on the host could force this situation to occur, resulting in the host crashing. 
(CVE-2011-4622, Moderate)\n\nA flaw was found in the way the Linux kernel's XFS file system implementation handled on-disk Access Control Lists (ACLs). A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk.\n(CVE-2012-0038, Moderate)\n\nA flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045, Moderate)\n\nA divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207, Moderate)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2012-55)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", 
"CVE-2012-0045", "CVE-2012-0207"], "modified": "2020-07-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:perf", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-55.NASL", "href": "https://www.tenable.com/plugins/nessus/69662", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-55.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69662);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/31\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\", \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\", \"CVE-2012-0045\", \"CVE-2012-0207\");\n script_xref(name:\"ALAS\", value:\"2012-55\");\n script_xref(name:\"RHSA\", value:\"2012:0350\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2012-55)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A buffer overflow flaw was found in the way the Linux kernel's XFS\nfile system implementation handled links with overly long path names.\nA local, unprivileged user could use this flaw to cause a denial of\nservice or escalate their privileges by mounting a specially crafted\ndisk. (CVE-2011-4077 , Moderate)\n\nFlaws in ghash_update() and ghash_final() could allow a local,\nunprivileged user to cause a denial of service. 
(CVE-2011-4081 ,\nModerate)\n\nA flaw was found in the Linux kernel's Journaling Block Device (JBD).\nA local, unprivileged user could use this flaw to crash the system by\nmounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132 ,\nModerate)\n\nIt was found that the kvm_vm_ioctl_assign_device() function in the KVM\n(Kernel-based Virtual Machine) subsystem of a Linux kernel did not\ncheck if the user requesting device assignment was privileged or not.\nA local, unprivileged user on the host could assign unused PCI\ndevices, or even devices that were in use and whose resources were not\nproperly claimed by the respective drivers, which could result in the\nhost crashing. (CVE-2011-4347 , Moderate)\n\nTwo flaws were found in the way the Linux kernel's __sys_sendmsg()\nfunction, when invoked via the sendmmsg() system call, accessed\nuser-space memory. A local, unprivileged user could use these flaws to\ncause a denial of service. (CVE-2011-4594 , Moderate)\n\nA previous update introduced an integer overflow flaw in the Linux\nkernel. On PowerPC systems, a local, unprivileged user could use this\nflaw to cause a denial of service. (CVE-2011-4611 , Moderate)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A local,\nunprivileged user on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622 , Moderate)\n\nA flaw was found in the way the Linux kernel's XFS file system\nimplementation handled on-disk Access Control Lists (ACLs). A local,\nunprivileged user could use this flaw to cause a denial of service or\nescalate their privileges by mounting a specially crafted disk.\n(CVE-2012-0038 , Moderate)\n\nA flaw was found in the way the Linux kernel's KVM hypervisor\nimplementation emulated the syscall instruction for 32-bit guests. 
An\nunprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045 , Moderate)\n\nA divide-by-zero flaw was found in the Linux kernel's\nigmp_heard_query() function. An attacker able to send certain IGMP\n(Internet Group Management Protocol) packets to a target system could\nuse this flaw to cause a denial of service. (CVE-2012-0207 , Moderate)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-55.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-2.6.35.14-107.1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-2.6.35.14-107.1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.35.14-107.1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.35.14-107.1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-2.6.35.14-107.1.39.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-2.6.35.14-107.1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-2.6.35.14-107.1.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-2.6.35.14-107.1.39.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:28:43", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, Moderate)\n\n - Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-4081, Moderate)\n\n - A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local, unprivileged user could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\n - It was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. 
A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.\n (CVE-2011-4347, Moderate)\n\n - Two flaws were found in the way the Linux kernel's\n __sys_sendmsg() function, when invoked via the sendmmsg() system call, accessed user-space memory. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2011-4594, Moderate)\n\n - A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A local, unprivileged user on the host could force this situation to occur, resulting in the host crashing. (CVE-2011-4622, Moderate)\n\n - A flaw was found in the way the Linux kernel's XFS file system implementation handled on-disk Access Control Lists (ACLs). A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk.\n (CVE-2012-0038, Moderate)\n\n - A flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest.\n (CVE-2012-0045, Moderate)\n\n - A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207, Moderate)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120306)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", 
"p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120306_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61277", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61277);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\", \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\", \"CVE-2012-0045\", \"CVE-2012-0207\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120306)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - A buffer overflow flaw was found in the way the Linux\n kernel's XFS file system implementation handled links\n with overly long path names. A local, unprivileged user\n could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially\n crafted disk. (CVE-2011-4077, Moderate)\n\n - Flaws in ghash_update() and ghash_final() could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-4081, Moderate)\n\n - A flaw was found in the Linux kernel's Journaling Block\n Device (JBD). 
A local, unprivileged user could use this\n flaw to crash the system by mounting a specially crafted\n ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\n - It was found that the kvm_vm_ioctl_assign_device()\n function in the KVM (Kernel-based Virtual Machine)\n subsystem of a Linux kernel did not check if the user\n requesting device assignment was privileged or not. A\n local, unprivileged user on the host could assign unused\n PCI devices, or even devices that were in use and whose\n resources were not properly claimed by the respective\n drivers, which could result in the host crashing.\n (CVE-2011-4347, Moderate)\n\n - Two flaws were found in the way the Linux kernel's\n __sys_sendmsg() function, when invoked via the\n sendmmsg() system call, accessed user-space memory. A\n local, unprivileged user could use these flaws to cause\n a denial of service. (CVE-2011-4594, Moderate)\n\n - A flaw was found in the way the KVM subsystem of a Linux\n kernel handled PIT (Programmable Interval Timer) IRQs\n (interrupt requests) when there was no virtual interrupt\n controller set up. A local, unprivileged user on the\n host could force this situation to occur, resulting in\n the host crashing. (CVE-2011-4622, Moderate)\n\n - A flaw was found in the way the Linux kernel's XFS file\n system implementation handled on-disk Access Control\n Lists (ACLs). A local, unprivileged user could use this\n flaw to cause a denial of service or escalate their\n privileges by mounting a specially crafted disk.\n (CVE-2012-0038, Moderate)\n\n - A flaw was found in the way the Linux kernel's KVM\n hypervisor implementation emulated the syscall\n instruction for 32-bit guests. An unprivileged guest\n user could trigger this flaw to crash the guest.\n (CVE-2012-0045, Moderate)\n\n - A divide-by-zero flaw was found in the Linux kernel's\n igmp_heard_query() function. 
An attacker able to send\n certain IGMP (Internet Group Management Protocol)\n packets to a target system could use this flaw to cause\n a denial of service. (CVE-2012-0207, Moderate)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=1112\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0596e75a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"kernel-devel-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-220.7.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:22:06", "description": "Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names.\nA local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. 
(CVE-2011-4077, Moderate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n* A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local, unprivileged user could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk.\n(CVE-2011-4132, Moderate)\n\n* It was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not.\nA local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347, Moderate)\n\n* Two flaws were found in the way the Linux kernel's __sys_sendmsg() function, when invoked via the sendmmsg() system call, accessed user-space memory. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2011-4594, Moderate)\n\n* The RHSA-2011:1530 kernel update introduced an integer overflow flaw in the Linux kernel. On PowerPC systems, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4611, Moderate)\n\n* A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A local, unprivileged user on the host could force this situation to occur, resulting in the host crashing. (CVE-2011-4622, Moderate)\n\n* A flaw was found in the way the Linux kernel's XFS file system implementation handled on-disk Access Control Lists (ACLs). 
A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk.\n(CVE-2012-0038, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045, Moderate)\n\n* A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207, Moderate)\n\nRed Hat would like to thank Nick Bowler for reporting CVE-2011-4081;\nSasha Levin for reporting CVE-2011-4347; Tetsuo Handa for reporting CVE-2011-4594; Maynard Johnson for reporting CVE-2011-4611; Wang Xi for reporting CVE-2012-0038; Stephan Barwolf for reporting CVE-2012-0045; and Simon McVittie for reporting CVE-2012-0207.\nUpstream acknowledges Mathieu Desnoyers as the original reporter of CVE-2011-4594.\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-03-08T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2012:0350)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0350.NASL", "href": "https://www.tenable.com/plugins/nessus/58275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0350 and \n# CentOS Errata 
and Security Advisory 2012:0350 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58275);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\", \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\", \"CVE-2012-0045\", \"CVE-2012-0207\");\n script_bugtraq_id(50366, 50370, 50663, 50811, 50984, 51081, 51172, 51343, 51380, 51389);\n script_xref(name:\"RHSA\", value:\"2012:0350\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2012:0350)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix various security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A buffer overflow flaw was found in the way the Linux kernel's XFS\nfile system implementation handled links with overly long path names.\nA local, unprivileged user could use this flaw to cause a denial of\nservice or escalate their privileges by mounting a specially crafted\ndisk. (CVE-2011-4077, Moderate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local,\nunprivileged user to cause a denial of service. 
(CVE-2011-4081,\nModerate)\n\n* A flaw was found in the Linux kernel's Journaling Block Device\n(JBD). A local, unprivileged user could use this flaw to crash the\nsystem by mounting a specially crafted ext3 or ext4 disk.\n(CVE-2011-4132, Moderate)\n\n* It was found that the kvm_vm_ioctl_assign_device() function in the\nKVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not\ncheck if the user requesting device assignment was privileged or not.\nA local, unprivileged user on the host could assign unused PCI\ndevices, or even devices that were in use and whose resources were not\nproperly claimed by the respective drivers, which could result in the\nhost crashing. (CVE-2011-4347, Moderate)\n\n* Two flaws were found in the way the Linux kernel's __sys_sendmsg()\nfunction, when invoked via the sendmmsg() system call, accessed\nuser-space memory. A local, unprivileged user could use these flaws to\ncause a denial of service. (CVE-2011-4594, Moderate)\n\n* The RHSA-2011:1530 kernel update introduced an integer overflow flaw\nin the Linux kernel. On PowerPC systems, a local, unprivileged user\ncould use this flaw to cause a denial of service. (CVE-2011-4611,\nModerate)\n\n* A flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A local,\nunprivileged user on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622, Moderate)\n\n* A flaw was found in the way the Linux kernel's XFS file system\nimplementation handled on-disk Access Control Lists (ACLs). A local,\nunprivileged user could use this flaw to cause a denial of service or\nescalate their privileges by mounting a specially crafted disk.\n(CVE-2012-0038, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM hypervisor\nimplementation emulated the syscall instruction for 32-bit guests. 
An\nunprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045, Moderate)\n\n* A divide-by-zero flaw was found in the Linux kernel's\nigmp_heard_query() function. An attacker able to send certain IGMP\n(Internet Group Management Protocol) packets to a target system could\nuse this flaw to cause a denial of service. (CVE-2012-0207, Moderate)\n\nRed Hat would like to thank Nick Bowler for reporting CVE-2011-4081;\nSasha Levin for reporting CVE-2011-4347; Tetsuo Handa for reporting\nCVE-2011-4594; Maynard Johnson for reporting CVE-2011-4611; Wang Xi\nfor reporting CVE-2012-0038; Stephan Barwolf for reporting\nCVE-2012-0045; and Simon McVittie for reporting CVE-2012-0207.\nUpstream acknowledges Mathieu Desnoyers as the original reporter of\nCVE-2011-4594.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. 
The system must be rebooted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-March/018468.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec4c33b1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0207\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-220.7.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-220.7.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:21:46", "description": "Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names.\nA local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, Moderate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n* A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local, unprivileged user could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk.\n(CVE-2011-4132, Moderate)\n\n* It was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not.\nA local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347, Moderate)\n\n* Two flaws were found in the way the Linux kernel's __sys_sendmsg() function, when invoked via the sendmmsg() system call, accessed user-space memory. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2011-4594, Moderate)\n\n* The RHSA-2011:1530 kernel update introduced an integer overflow flaw in the Linux kernel. On PowerPC systems, a local, unprivileged user could use this flaw to cause a denial of service. 
(CVE-2011-4611, Moderate)\n\n* A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A local, unprivileged user on the host could force this situation to occur, resulting in the host crashing. (CVE-2011-4622, Moderate)\n\n* A flaw was found in the way the Linux kernel's XFS file system implementation handled on-disk Access Control Lists (ACLs). A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk.\n(CVE-2012-0038, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045, Moderate)\n\n* A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207, Moderate)\n\nRed Hat would like to thank Nick Bowler for reporting CVE-2011-4081;\nSasha Levin for reporting CVE-2011-4347; Tetsuo Handa for reporting CVE-2011-4594; Maynard Johnson for reporting CVE-2011-4611; Wang Xi for reporting CVE-2012-0038; Stephan Barwolf for reporting CVE-2012-0045; and Simon McVittie for reporting CVE-2012-0207.\nUpstream acknowledges Mathieu Desnoyers as the original reporter of CVE-2011-4594.\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-03-07T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2012:0350)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", 
"p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0350.NASL", "href": "https://www.tenable.com/plugins/nessus/58261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0350. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58261);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\", \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\", \"CVE-2012-0045\", \"CVE-2012-0207\");\n script_bugtraq_id(50366, 50370, 50663, 50811, 50984, 51081, 51172, 51343, 51380, 51389);\n script_xref(name:\"RHSA\", value:\"2012:0350\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2012:0350)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix various security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A buffer overflow flaw was found in the way the Linux kernel's XFS\nfile system implementation handled links with overly long path names.\nA local, unprivileged user could use this flaw to cause a denial of\nservice or escalate their privileges by mounting a specially crafted\ndisk. (CVE-2011-4077, Moderate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-4081,\nModerate)\n\n* A flaw was found in the Linux kernel's Journaling Block Device\n(JBD). A local, unprivileged user could use this flaw to crash the\nsystem by mounting a specially crafted ext3 or ext4 disk.\n(CVE-2011-4132, Moderate)\n\n* It was found that the kvm_vm_ioctl_assign_device() function in the\nKVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not\ncheck if the user requesting device assignment was privileged or not.\nA local, unprivileged user on the host could assign unused PCI\ndevices, or even devices that were in use and whose resources were not\nproperly claimed by the respective drivers, which could result in the\nhost crashing. (CVE-2011-4347, Moderate)\n\n* Two flaws were found in the way the Linux kernel's __sys_sendmsg()\nfunction, when invoked via the sendmmsg() system call, accessed\nuser-space memory. A local, unprivileged user could use these flaws to\ncause a denial of service. (CVE-2011-4594, Moderate)\n\n* The RHSA-2011:1530 kernel update introduced an integer overflow flaw\nin the Linux kernel. On PowerPC systems, a local, unprivileged user\ncould use this flaw to cause a denial of service. 
(CVE-2011-4611,\nModerate)\n\n* A flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A local,\nunprivileged user on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622, Moderate)\n\n* A flaw was found in the way the Linux kernel's XFS file system\nimplementation handled on-disk Access Control Lists (ACLs). A local,\nunprivileged user could use this flaw to cause a denial of service or\nescalate their privileges by mounting a specially crafted disk.\n(CVE-2012-0038, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM hypervisor\nimplementation emulated the syscall instruction for 32-bit guests. An\nunprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045, Moderate)\n\n* A divide-by-zero flaw was found in the Linux kernel's\nigmp_heard_query() function. An attacker able to send certain IGMP\n(Internet Group Management Protocol) packets to a target system could\nuse this flaw to cause a denial of service. (CVE-2012-0207, Moderate)\n\nRed Hat would like to thank Nick Bowler for reporting CVE-2011-4081;\nSasha Levin for reporting CVE-2011-4347; Tetsuo Handa for reporting\nCVE-2011-4594; Maynard Johnson for reporting CVE-2011-4611; Wang Xi\nfor reporting CVE-2012-0038; Stephan Barwolf for reporting\nCVE-2012-0045; and Simon McVittie for reporting CVE-2012-0207.\nUpstream acknowledges Mathieu Desnoyers as the original reporter of\nCVE-2011-4594.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. 
The system must be rebooted for this update to\ntake effect.\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1530.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1530\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4611\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\", \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\", \"CVE-2012-0045\", \"CVE-2012-0207\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2012:0350\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0350\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"kernel-debug-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-220.7.1.el6\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-220.7.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-220.7.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n 
}\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:51:11", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0350 advisory.\n\n - crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. (CVE-2011-4081)\n\n - The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. (CVE-2011-4347)\n\n - The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference. (CVE-2011-4594)\n\n - Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events.\n (CVE-2011-4611)\n\n - Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. 
(CVE-2012-0038)\n\n - The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.\n (CVE-2012-0045)\n\n - The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. (CVE-2012-0207)\n\n - Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. (CVE-2011-4077)\n\n - The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an invalid log first block value. (CVE-2011-4132)\n\n - The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. 
(CVE-2011-4622)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2012-0350)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2012-0350.NASL", "href": "https://www.tenable.com/plugins/nessus/68491", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux 
Security Advisory ELSA-2012-0350.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68491);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-4077\",\n \"CVE-2011-4081\",\n \"CVE-2011-4132\",\n \"CVE-2011-4347\",\n \"CVE-2011-4594\",\n \"CVE-2011-4611\",\n \"CVE-2011-4622\",\n \"CVE-2012-0038\",\n \"CVE-2012-0045\",\n \"CVE-2012-0207\"\n );\n script_bugtraq_id(\n 50366,\n 50370,\n 50663,\n 50811,\n 50984,\n 51081,\n 51172,\n 51343,\n 51380,\n 51389\n );\n script_xref(name:\"RHSA\", value:\"2012:0350\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2012-0350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2012-0350 advisory.\n\n - crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service\n (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or\n missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final\n function call, as demonstrated by a write operation on an AF_ALG socket. (CVE-2011-4081)\n\n - The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux\n kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which\n allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a\n KVM_ASSIGN_PCI_DEVICE operation. 
(CVE-2011-4347)\n\n - The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a\n denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect\n pointer dereference. (CVE-2011-4594)\n\n - Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux\n kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled\n performance monitor exception) via vectors that trigger certain outcomes of performance events.\n (CVE-2011-4611)\n\n - Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9\n allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to\n a heap-based buffer overflow. (CVE-2012-0038)\n\n - The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before\n 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a\n denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.\n (CVE-2012-0045)\n\n - The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers\n to cause a denial of service (divide-by-zero error and panic) via IGMP packets. (CVE-2012-0207)\n\n - Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when\n CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and\n crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long\n pathname. 
(CVE-2011-4077)\n\n - The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel\n 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4\n image with an invalid log first block value. (CVE-2011-4132)\n\n - The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not\n properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt\n controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer\n dereference) by starting a timer. (CVE-2011-4622)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2012-0350.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-220.7.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2012-0350');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-220.7.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-220.7.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-debug-2.6.32-220.7.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-220.7.1.el6', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-220.7.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-220.7.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-220.7.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-220.7.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-220.7.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-220.7.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-220.7.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-220.7.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-220.7.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-220.7.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-220.7.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:20:45", "description": "The SUSE Linux Enterprise 11 SP1 kernel was updated to 2.6.32.54, fixing lots of bugs and security issues.\n\nThe following security issues have been fixed :\n\n - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. 
(CVE-2011-4127)\n\n - KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel.\n (CVE-2011-4110)\n\n - Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel.\n (CVE-2011-4081)\n\n - Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077)\n\n - An overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038)\n\n - A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132)\n\n - Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks, e.g.\n guessing passwords by typing speed). (CVE-2011-2494)\n\n - When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be set up to make this effective, which these days is usually not the case. (CVE-2010-3873)\n\n - When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be set up to make this effective, which these days is usually not the case.\n (CVE-2010-4164)\n\n - A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed.\n (CVE-2011-2699)\n\nThe following non-security issues have been fixed :\n\n - elousb: Fixed bug in USB core API usage, code cleanup.\n (bnc#733863)\n\n - cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry. 
(bnc#735453)\n\n - cifs: set server_eof in cifs_fattr_to_inode.\n (bnc#735453)\n\n - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink(). (bnc#726600)\n\n - block: add and use scsi_blk_cmd_ioctl. (bnc#738400 / CVE-2011-4127)\n\n - block: fail SCSI passthrough ioctls on partition devices. (bnc#738400 / CVE-2011-4127)\n\n - dm: do not forward ioctls from logical volumes to the underlying device. (bnc#738400 / CVE-2011-4127)\n\n - Silence some warnings about ioctls on partitions.\n\n - netxen: Remove all references to unified firmware file.\n (bnc#708625)\n\n - bonding: send out gratuitous arps even with no address configured. (bnc#742270)\n\n - patches.fixes/ocfs2-serialize_unaligned_aio.patch:\n ocfs2: serialize unaligned aio. (bnc#671479)\n\n - patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.patch: Update references. (bnc#729854, bnc#731004)\n\n - xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time.\n\n - ipmi: reduce polling when interrupts are available.\n (bnc#740867)\n\n - ipmi: reduce polling. (bnc#740867)\n\n - Linux 2.6.32.54.\n\n - export shrink_dcache_for_umount_subtree.\n\n - patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem. (bnc#736018)\n\n - PM / Sleep: Fix race between CPU hotplug and freezer.\n (bnc#740535)\n\n - jbd: Issue cache flush after checkpointing. (bnc#731770)\n\n - lpfc: make sure job exists when processing BSG.\n (bnc#735635)\n\n - Linux 2.6.32.53.\n\n - blktap: fix locking (again). (bnc#724734)\n\n - xen: Update Xen patches to 2.6.32.52.\n\n - Linux 2.6.32.52.\n\n - Linux 2.6.32.51.\n\n - Linux 2.6.32.50.\n\n - reiserfs: Lock buffers unconditionally in reiserfs_write_full_page(). (bnc#716023)\n\n - writeback: Include all dirty inodes in background writeback. (bnc#716023)\n\n - reiserfs: Fix quota mount option parsing. 
(bnc#728626)\n\n - bonding: check if clients MAC addr has changed.\n (bnc#729854)\n\n - rpc client can not deal with ENOSOCK, so translate it into ENOCONN. (bnc#733146)\n\n - st: modify tape driver to allow writing immediate filemarks. (bnc#688996)\n\n - xfs: fix for xfssyncd failure to wake. (bnc#722910)\n\n - ipmi: Fix deadlock in start_next_msg().\n\n - net: bind() fix error return on wrong address family.\n (bnc#735216)\n\n - net: ipv4: relax AF_INET check in bind(). (bnc#735216)\n\n - net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs. (bnc#735216)\n\n - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported. (bnc#732296)\n\n - percpu: fix chunk range calculation. (bnc#668872)\n\n - x86, UV: Fix kdump reboot. (bnc#735446)\n\n - dm: Use done_bytes for io_completion. (bnc#711378)\n\n - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported.\n (bnc#732296)\n\n - Bluetooth: Add Atheros AR3012 one PID/VID supported.\n (bnc#732296)\n\n - fix missing hunk in oplock break patch. (bnc#706973)\n\n - patches.arch/s390-34-01-pfault-cpu-hotplug.patch:\n Refresh. Surrounded s390x lowcore change with\n __GENKSYMS__. 
(bnc#728339)\n\n - patches.xen/xen3-patch-2.6.30: Refresh.\n\n - sched, x86: Avoid unnecessary overflow in sched_clock.\n (bnc#725709)\n\n - ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-02-07T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3873", "CVE-2010-4164", "CVE-2011-2494", "CVE-2011-2699", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4132", "CVE-2012-0038"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", 
"p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KERNEL-120130.NASL", "href": "https://www.tenable.com/plugins/nessus/57854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57854);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3873\", \"CVE-2010-4164\", \"CVE-2011-2494\", \"CVE-2011-2699\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4110\", \"CVE-2011-4127\", \"CVE-2011-4132\", \"CVE-2012-0038\");\n\n script_name(english:\"SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP1 kernel was updated to 2.6.32.54,\nfixing lots of bugs and security issues.\n\nThe following security issues have been fixed :\n\n - A potential hypervisor escape by issuing SG_IO commands\n to partitiondevices was fixed by restricting access to\n these commands. (CVE-2011-4127)\n\n - KEYS: Fix a NULL pointer deref in the user-defined key\n type, which allowed local attackers to Oops the kernel.\n (CVE-2011-4110)\n\n - Avoid potential NULL pointer deref in ghash, which\n allowed local attackers to Oops the kernel.\n (CVE-2011-4081)\n\n - Fixed a memory corruption possibility in xfs readlink,\n which could be used by local attackers to crash the\n system or potentially execute code by mounting a\n prepared xfs filesystem image. (CVE-2011-4077)\n\n - A overflow in the xfs acl handling was fixed that could\n be used by local attackers to crash the system or\n potentially execute code by mounting a prepared xfs\n filesystem image. 
(CVE-2012-0038)\n\n - A flaw in the ext3/ext4 filesystem allowed a local\n attacker to crash the kernel by getting a prepared\n ext3/ext4 filesystem mounted. (CVE-2011-4132)\n\n - Access to the taskstats /proc file was restricted to\n avoid local attackers gaining knowledge of IO of other\n users (and so effecting side-channel attacks for e.g.\n guessing passwords by typing speed). (CVE-2011-2494)\n\n - When using X.25 communication a malicious sender could\n corrupt data structures, causing crashes or potential\n code execution. Please note that X.25 needs to be setup\n to make this effective, which these days is usually not\n the case. (CVE-2010-3873)\n\n - When using X.25 communication a malicious sender could\n make the machine leak memory, causing crashes. Please\n note that X.25 needs to be setup to make this effective,\n which these days is usually not the case.\n (CVE-2010-4164)\n\n - A remote denial of service due to a NULL pointer\n dereference by using IPv6 fragments was fixed. The\n following non-security issues have been fixed:.\n (CVE-2011-2699)\n\n - elousb: Fixed bug in USB core API usage, code cleanup.\n (bnc#733863)\n\n - cifs: overhaul cifs_revalidate and rename to\n cifs_revalidate_dentry. (bnc#735453)\n\n - cifs: set server_eof in cifs_fattr_to_inode.\n (bnc#735453)\n\n - xfs: Fix missing xfs_iunlock() on error recovery path in\n xfs_readlink(). (bnc#726600)\n\n - block: add and use scsi_blk_cmd_ioctl. (bnc#738400 /\n CVE-2011-4127)\n\n - block: fail SCSI passthrough ioctls on partition\n devices. (bnc#738400 / CVE-2011-4127)\n\n - dm: do not forward ioctls from logical volumes to the\n underlying device. (bnc#738400 / CVE-2011-4127)\n\n - Silence some warnings about ioctls on partitions.\n\n - netxen: Remove all references to unified firmware file.\n (bnc#708625)\n\n - bonding: send out gratuitous arps even with no address\n configured. (bnc#742270)\n\n - patches.fixes/ocfs2-serialize_unaligned_aio.patch:\n ocfs2: serialize unaligned aio. 
(bnc#671479)\n\n -\n patches.fixes/bonding-check-if-clients-MAC-addr-has-chan\n ged.patch: Update references. (bnc#729854, bnc#731004)\n\n - xfs: Fix wait calculations on lock acquisition and use\n milliseconds instead of jiffies to print the wait time.\n\n - ipmi: reduce polling when interrupts are available.\n (bnc#740867)\n\n - ipmi: reduce polling. (bnc#740867)\n\n - Linux 2.6.32.54.\n\n - export shrink_dcache_for_umount_subtree.\n\n - patches.suse/stack-unwind: Fix more 2.6.29 merge\n problems plus a glue code problem. (bnc#736018)\n\n - PM / Sleep: Fix race between CPU hotplug and freezer.\n (bnc#740535)\n\n - jbd: Issue cache flush after checkpointing. (bnc#731770)\n\n - lpfc: make sure job exists when processing BSG.\n (bnc#735635)\n\n - Linux 2.6.32.53.\n\n - blktap: fix locking (again). (bnc#724734)\n\n - xen: Update Xen patches to 2.6.32.52.\n\n - Linux 2.6.32.52.\n\n - Linux 2.6.32.51.\n\n - Linux 2.6.32.50.\n\n - reiserfs: Lock buffers unconditionally in\n reiserfs_write_full_page(). (bnc#716023)\n\n - writeback: Include all dirty inodes in background\n writeback. (bnc#716023)\n\n - reiserfs: Fix quota mount option parsing. (bnc#728626)\n\n - bonding: check if clients MAC addr has changed.\n (bnc#729854)\n\n - rpc client can not deal with ENOSOCK, so translate it\n into ENOCONN. (bnc#733146)\n\n - st: modify tape driver to allow writing immediate\n filemarks. (bnc#688996)\n\n - xfs: fix for xfssyncd failure to wake. (bnc#722910)\n\n - ipmi: Fix deadlock in start_next_msg().\n\n - net: bind() fix error return on wrong address family.\n (bnc#735216)\n\n - net: ipv4: relax AF_INET check in bind(). (bnc#735216)\n\n - net/ipv6: check for mistakenly passed in non-AF_INET6\n sockaddrs. (bnc#735216)\n\n - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID\n supported. (bnc#732296)\n\n - percpu: fix chunk range calculation. (bnc#668872)\n\n - x86, UV: Fix kdump reboot. (bnc#735446)\n\n - dm: Use done_bytes for io_completion. 
(bnc#711378)\n\n - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported.\n (bnc#732296)\n\n - Bluetooth: Add Atheros AR3012 one PID/VID supported.\n (bnc#732296)\n\n - fix missing hunk in oplock break patch. (bnc#706973)\n\n - patches.arch/s390-34-01-pfault-cpu-hotplug.patch:\n Refresh. Surrounded s390x lowcore change with\n __GENKSYMS__. (bnc#728339)\n\n - patches.xen/xen3-patch-2.6.30: Refresh.\n\n - sched, x86: Avoid unnecessary overflow in sched_clock.\n (bnc#725709)\n\n - ACPI thermal: Do not invalidate thermal zone if critical\n trip point is bad.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=694945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=708625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=711378\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=724734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=730118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=734056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=738400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2699.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4081.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4127.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0038.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5732.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") 
audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-extra-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-desktop-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-trace-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", 
sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-extra-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-trace-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", 
reference:\"kernel-trace-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-trace-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.54-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:21:12", "description": "The SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues.\n\nThe following security issues have been fixed :\n\n - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127)\n\n - KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel.\n (CVE-2011-4110)\n\n - Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel.\n (CVE-2011-4081)\n\n - Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077)\n\n - A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038)\n\n - A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. 
(CVE-2011-4132)\n\n - Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks, e.g.\n guessing passwords by typing speed). (CVE-2011-2494)\n\n - When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be set up to make this effective, which these days is usually not the case. (CVE-2010-3873)\n\n - When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be set up to make this effective, which these days is usually not the case.\n (CVE-2010-4164)\n\n - A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed.\n (CVE-2011-2699)\n\nThe following non-security issues have been fixed (excerpt from changelog) :\n\n - elousb: Fixed bug in USB core API usage, code cleanup.\n\n - cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry.\n\n - cifs: set server_eof in cifs_fattr_to_inode.\n\n - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink().\n\n - Silence some warnings about ioctls on partitions.\n\n - netxen: Remove all references to unified firmware file.\n\n - bonding: send out gratuitous arps even with no address configured.\n\n - patches.fixes/ocfs2-serialize_unaligned_aio.patch:\n ocfs2: serialize unaligned aio.\n\n - patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.patch: Update references.\n\n - xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time.\n\n - ipmi: reduce polling when interrupts are available.\n\n - ipmi: reduce polling.\n\n - export shrink_dcache_for_umount_subtree.\n\n - patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem.\n\n - PM / Sleep: Fix race between CPU hotplug and freezer.\n\n - jbd: Issue cache flush after 
checkpointing.\n\n - lpfc: make sure job exists when processing BSG.\n\n - blktap: fix locking (again).\n\n - xen: Update Xen patches to 2.6.32.52.\n\n - reiserfs: Lock buffers unconditionally in reiserfs_write_full_page().\n\n - writeback: Include all dirty inodes in background writeback.\n\n - reiserfs: Fix quota mount option parsing.\n\n - bonding: check if clients MAC addr has changed.\n\n - rpc client can not deal with ENOSOCK, so translate it into ENOCONN.\n\n - st: modify tape driver to allow writing immediate filemarks.\n\n - xfs: fix for xfssyncd failure to wake.\n\n - ipmi: Fix deadlock in start_next_msg().\n\n - net: bind() fix error return on wrong address family.\n\n - net: ipv4: relax AF_INET check in bind().\n\n - net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs.\n\n - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported.\n\n - percpu: fix chunk range calculation.\n\n - x86, UV: Fix kdump reboot.\n\n - dm: Use done_bytes for io_completion.\n\n - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported.\n\n - Bluetooth: Add Atheros AR3012 one PID/VID supported.\n\n - fix missing hunk in oplock break patch.\n\n - patches.arch/s390-34-01-pfault-cpu-hotplug.patch:\n Refresh.\n\n - Surrounded s390x lowcore change with __GENKSYMS__\n\n - patches.xen/xen3-patch-2.6.30: Refresh.\n\n - sched, x86: Avoid unnecessary overflow in sched_clock.\n\n - ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-02-07T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Linux Kernel (SAT 
Patch Numbers 5723 / 5725)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3873", "CVE-2010-4164", "CVE-2011-2494", "CVE-2011-2699", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4132", "CVE-2012-0038"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-trace", 
"p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KERNEL-120129.NASL", "href": "https://www.tenable.com/plugins/nessus/57853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57853);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3873\", \"CVE-2010-4164\", \"CVE-2011-2494\", \"CVE-2011-2699\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4110\", \"CVE-2011-4127\", \"CVE-2011-4132\", \"CVE-2012-0038\");\n\n script_name(english:\"SuSE 11.1 Security Update : Linux Kernel (SAT Patch Numbers 5723 / 5725)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54,\nfixing numerous bugs and security issues.\n\nThe following security issues have been fixed :\n\n - A potential hypervisor escape by issuing SG_IO commands\n to partitiondevices was fixed by restricting access to\n these commands. 
(CVE-2011-4127)\n\n - KEYS: Fix a NULL pointer deref in the user-defined key\n type, which allowed local attackers to Oops the kernel.\n (CVE-2011-4110)\n\n - Avoid potential NULL pointer deref in ghash, which\n allowed local attackers to Oops the kernel.\n (CVE-2011-4081)\n\n - Fixed a memory corruption possibility in xfs readlink,\n which could be used by local attackers to crash the\n system or potentially execute code by mounting a\n prepared xfs filesystem image. (CVE-2011-4077)\n\n - A overflow in the xfs acl handling was fixed that could\n be used by local attackers to crash the system or\n potentially execute code by mounting a prepared xfs\n filesystem image. (CVE-2012-0038)\n\n - A flaw in the ext3/ext4 filesystem allowed a local\n attacker to crash the kernel by getting a prepared\n ext3/ext4 filesystem mounted. (CVE-2011-4132)\n\n - Access to the taskstats /proc file was restricted to\n avoid local attackers gaining knowledge of IO of other\n users (and so effecting side-channel attacks for e.g.\n guessing passwords by typing speed). (CVE-2011-2494)\n\n - When using X.25 communication a malicious sender could\n corrupt data structures, causing crashes or potential\n code execution. Please note that X.25 needs to be setup\n to make this effective, which these days is usually not\n the case. (CVE-2010-3873)\n\n - When using X.25 communication a malicious sender could\n make the machine leak memory, causing crashes. 
Please\n note that X.25 needs to be setup to make this effective,\n which these days is usually not the case.\n (CVE-2010-4164)\n\n - A remote denial of service due to a NULL pointer\n dereference by using IPv6 fragments was fixed.\n (CVE-2011-2699) The following non-security issues have\n been fixed (excerpt from changelog) :\n\n - elousb: Fixed bug in USB core API usage, code cleanup.\n\n - cifs: overhaul cifs_revalidate and rename to\n cifs_revalidate_dentry.\n\n - cifs: set server_eof in cifs_fattr_to_inode.\n\n - xfs: Fix missing xfs_iunlock() on error recovery path in\n xfs_readlink().\n\n - Silence some warnings about ioctls on partitions.\n\n - netxen: Remove all references to unified firmware file.\n\n - bonding: send out gratuitous arps even with no address\n configured.\n\n - patches.fixes/ocfs2-serialize_unaligned_aio.patch:\n ocfs2: serialize unaligned aio.\n\n -\n patches.fixes/bonding-check-if-clients-MAC-addr-has-chan\n ged.patch: Update references.\n\n - xfs: Fix wait calculations on lock acquisition and use\n milliseconds instead of jiffies to print the wait time.\n\n - ipmi: reduce polling when interrupts are available.\n\n - ipmi: reduce polling.\n\n - export shrink_dcache_for_umount_subtree.\n\n - patches.suse/stack-unwind: Fix more 2.6.29 merge\n problems plus a glue code problem.\n\n - PM / Sleep: Fix race between CPU hotplug and freezer.\n\n - jbd: Issue cache flush after checkpointing.\n\n - lpfc: make sure job exists when processing BSG.\n\n - blktap: fix locking (again).\n\n - xen: Update Xen patches to 2.6.32.52.\n\n - reiserfs: Lock buffers unconditionally in\n reiserfs_write_full_page().\n\n - writeback: Include all dirty inodes in background\n writeback.\n\n - reiserfs: Fix quota mount option parsing.\n\n - bonding: check if clients MAC addr has changed.\n\n - rpc client can not deal with ENOSOCK, so translate it\n into ENOCONN.\n\n - st: modify tape driver to allow writing immediate\n filemarks.\n\n - xfs: fix for xfssyncd failure to 
wake.\n\n - ipmi: Fix deadlock in start_next_msg().\n\n - net: bind() fix error return on wrong address family.\n\n - net: ipv4: relax AF_INET check in bind().\n\n - net/ipv6: check for mistakenly passed in non-AF_INET6\n sockaddrs.\n\n - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID\n supported.\n\n - percpu: fix chunk range calculation.\n\n - x86, UV: Fix kdump reboot.\n\n - dm: Use done_bytes for io_completion.\n\n - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported.\n\n - Bluetooth: Add Atheros AR3012 one PID/VID supported.\n\n - fix missing hunk in oplock break patch.\n\n - patches.arch/s390-34-01-pfault-cpu-hotplug.patch:\n Refresh.\n\n - Surrounded s390x lowcore change with __GENKSYMS__\n\n - patches.xen/xen3-patch-2.6.30: Refresh.\n\n - sched, x86: Avoid unnecessary overflow in sched_clock.\n\n - ACPI thermal: Do not invalidate thermal zone if critical\n trip point is bad.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=694945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706973\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=708625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=711378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=724734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=730118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732677\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=734056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=738400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2011-2699.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4127.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0038.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 5723 / 5725 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73\")) 
flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.54_0.3-0.18.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-extra-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-desktop-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-extra-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-trace-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", 
reference:\"kernel-xen-extra-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-xen-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.54_0.3-0.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-default-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-default-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", 
reference:\"kernel-pae-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-trace-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-trace-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-trace-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-default-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-default-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-default-devel-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-default-man-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-source-2.6.32.54-0.3.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-syms-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-trace-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-trace-base-2.6.32.54-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-trace-devel-2.6.32.54-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:40:15", "description": "An updated rhev-hypervisor6 package that fixes two security issues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045)\n\nA divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. 
An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207)\n\nRed Hat would like to thank Stephan Barwolf for reporting CVE-2012-0045, and Simon McVittie for reporting CVE-2012-0207.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4347, CVE-2011-4594, CVE-2011-4611, CVE-2011-4622 and CVE-2012-0038 (kernel issues)\n\nCVE-2012-0444 (libvorbis issue)\n\nCVE-2012-0841 (libxml2 issue)\n\nThis update also fixes the following bug :\n\n* The rhev-hypervisor5 and rhev-hypervisor6 packages sometimes updated the symbolic links in the /usr/share/rhev-hypervisor/ directory with incorrect targets. The packages have been updated and now always update the symbolic links with the correct targets. 
(BZ#784706)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-11-17T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2012:0422)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207", "CVE-2012-0444", "CVE-2012-0841"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0422.NASL", "href": "https://www.tenable.com/plugins/nessus/79285", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0422. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79285);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0045\", \"CVE-2012-0207\");\n script_bugtraq_id(51343, 51389);\n script_xref(name:\"RHSA\", value:\"2012:0422\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2012:0422)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes two security issues and\none bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way the Linux kernel's KVM hypervisor\nimplementation emulated the syscall instruction for 32-bit guests. 
An\nunprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045)\n\nA divide-by-zero flaw was found in the Linux kernel's\nigmp_heard_query() function. An attacker able to send certain IGMP\n(Internet Group Management Protocol) packets to a target system could\nuse this flaw to cause a denial of service. (CVE-2012-0207)\n\nRed Hat would like to thank Stephan Barwolf for reporting\nCVE-2012-0045, and Simon McVittie for reporting CVE-2012-0207.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4347,\nCVE-2011-4594, CVE-2011-4611, CVE-2011-4622 and CVE-2012-0038 (kernel\nissues)\n\nCVE-2012-0444 (libvorbis issue)\n\nCVE-2012-0841 (libxml2 issue)\n\nThis update also fixes the following bug :\n\n* The rhev-hypervisor5 and rhev-hypervisor6 packages sometimes updated\nthe symbolic links in the /usr/share/rhev-hypervisor/ directory with\nincorrect targets. The packages have been updated, they now always\nupdate the symbolic links with the correct targets. 
(BZ#784706)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0422\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor6 and / or rhev-hypervisor6-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0422\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.2-20120320.0.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-tools-6.2-20120320.0.el6_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6 / rhev-hypervisor6-tools\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:33:10", "description": "The openSUSE 11.3 kernel was updated to fix various bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.\n\nCVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the Linux kernels packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could have used this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n\nCVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. 
A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-1576: The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\\0' character.\n\nCVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.\n\nCVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.\n\nCVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory.\n\nCVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local 
attackers to crash the kernel.\n\nCVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3880", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1770", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2525", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-4081", "CVE-2011-4604"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", 
"p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:preload-kmp-desktop", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_KERNEL-120104.NASL", "href": "https://www.tenable.com/plugins/nessus/75557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-5605.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75557);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3880\", \"CVE-2011-1478\", \"CVE-2011-1576\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-4081\", \"CVE-2011-4604\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)\");\n 
script_summary(english:\"Check for the kernel-5605 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.3 kernel was updated to fix various bugs and security\nissues.\n\nFollowing security issues have been fixed: CVE-2011-4604: If root does\nread() on a specific socket, it's possible to corrupt (kernel) memory\nover network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol\nis used.\n\nCVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the\nLinux kernels packet scheduler API implementation to be called on\nbuilt-in qdisc structures. A local, unprivileged user could have used\nthis flaw to trigger a NULL pointer dereference, resulting in a denial\nof service.\n\nCVE-2011-2699: Fernando Gont discovered that the IPv6 stack used\npredictable fragment identification numbers. A remote attacker could\nexploit this to exhaust network resources, leading to a denial of\nservice.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c\nin the Linux kernel did not properly audit INET_DIAG bytecode, which\nallowed local users to cause a denial of service (kernel infinite\nloop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\nmessage, as demonstrated by an INET_DIAG_BC_JMP instruction with a\nzero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-1576: The Generic Receive Offload (GRO) implementation in the\nLinux kernel allowed remote attackers to cause a denial of service via\ncrafted VLAN packets that are processed by the napi_reuse_skb\nfunction, leading to (1) a memory leak or (2) memory corruption, a\ndifferent vulnerability than CVE-2011-1478.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in\nnet/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have\nallowed local users to cause a denial of service or have 
unspecified\nother impact via a crafted write operation, related to string data\nthat lacks a terminating '\\0' character.\n\nCVE-2011-1770: Integer underflow in the dccp_parse_options function\n(net/dccp/options.c) in the Linux kernel allowed remote attackers to\ncause a denial of service via a Datagram Congestion Control Protocol\n(DCCP) packet with an invalid feature options length, which triggered\na buffer over-read.\n\nCVE-2011-2723: The skb_gro_header_slow function in\ninclude/linux/netdevice.h in the Linux kernel, when Generic Receive\nOffload (GRO) is enabled, reset certain fields in incorrect\nsituations, which allowed remote attackers to cause a denial of\nservice (system crash) via crafted network traffic.\n\nCVE-2011-2898: A kernel information leak in the AF_PACKET protocol was\nfixed which might have allowed local attackers to read kernel memory.\n\nCVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs\nfilesystems was fixed which could be used by local attackers to crash\nthe kernel.\n\nCVE-2011-4081: Using the crypto interface a local user could Oops the\nkernel by writing to a AF_ALG socket.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707288\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=710235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-devel-2.6.34.10-0.6.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-extra-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-vanilla-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-syms-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-2.6.34.10-0.6.1\") 
) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-default-1.1_k2.6.34.10_0.6-19.1.37\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-desktop-1.1_k2.6.34.10_0.6-19.1.37\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:35:07", "description": "Updated kernel-rt packages that fix several security issues and two bugs are now available for Red Hat Enterprise MRG 2.0.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)\n\n* The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality enabled were handled could allow a remote attacker to cause a denial of service. (CVE-2011-4326, Important)\n\n* GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)\n\n* IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate)\n\n* A flaw in the FUSE (Filesystem in Userspace) implementation could allow a local user in the fuse group who has access to mount a FUSE file system to cause a denial of service. (CVE-2011-3353, Moderate)\n\n* A flaw was found in the b43 driver: if a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially crafted frame to that interface could cause a denial of service. 
(CVE-2011-3359, Moderate)\n\n* A flaw in the way CIFS shares with DFS referrals at their root were handled could allow an attacker on the local network, who is able to deploy a malicious CIFS server, to create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate)\n\n* A flaw in the m_stop() implementation could allow a local, unprivileged user to trigger a denial of service. (CVE-2011-3637, Moderate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n* A flaw in the key management facility could allow a local, unprivileged user to cause a denial of service via the keyctl utility.\n(CVE-2011-4110, Moderate)\n\n* A flaw in the Journaling Block Device (JBD) could allow a local attacker to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\n* A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)\n\n* I/O statistics from the taskstats subsystem could be read without any restrictions, which could allow a local, unprivileged user to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)\n\n* Flaws in tpacket_rcv() and packet_recvmsg() could allow a local, unprivileged user to leak information to user-space. 
(CVE-2011-2898, Low)\n\nRed Hat would like to thank Darren Lavender for reporting CVE-2011-3191; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.\n\nThis update also fixes the following bugs :\n\n* Previously, a mismatch in the build-id of the kernel-rt and the one in the related debuginfo package caused failures in SystemTap and perf. (BZ#768413)\n\n* IBM x3650m3 systems were not able to boot the MRG Realtime kernel because they require a pmcraid driver that was not available. The pmcraid driver is included in this update. (BZ#753992)\n\nUsers should upgrade to these updated packages, which correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2014-07-22T00:00:00", "type": "nessus", "title": "RHEL 6 : MRG (RHSA-2012:0010)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1162", 
"CVE-2011-2494", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3359", "CVE-2011-3363", "CVE-2011-3637", "CVE-2011-4081", "CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4326"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0010.NASL", "href": "https://www.tenable.com/plugins/nessus/76635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0010. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76635);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-2494\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3359\", \"CVE-2011-3363\", \"CVE-2011-3637\", \"CVE-2011-4081\", \"CVE-2011-4110\", \"CVE-2011-4132\", \"CVE-2011-4326\");\n script_bugtraq_id(48929, 48986, 49289, 49295, 49527, 49626, 49629, 50314, 50366, 50663, 50751, 50755, 50764);\n script_xref(name:\"RHSA\", value:\"2012:0010\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2012:0010)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix several security issues and two\nbugs are now available for Red Hat Enterprise MRG 2.0.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A malicious CIFS (Common Internet File System) server could send a\nspecially crafted response to a directory read request that would\nresult in a denial of service or privilege escalation on a system that\nhas a CIFS share mounted. 
(CVE-2011-3191, Important)\n\n* The way fragmented IPv6 UDP datagrams over the bridge with UDP\nFragmentation Offload (UFO) functionality on were handled could allow\na remote attacker to cause a denial of service. (CVE-2011-4326,\nImportant)\n\n* GRO (Generic Receive Offload) fields could be left in an\ninconsistent state. An attacker on the local network could use this\nflaw to cause a denial of service. GRO is enabled by default in all\nnetwork drivers that support it. (CVE-2011-2723, Moderate)\n\n* IPv4 and IPv6 protocol sequence number and fragment ID generation\ncould allow a man-in-the-middle attacker to inject packets and\npossibly hijack connections. Protocol sequence numbers and fragment\nIDs are now more random. (CVE-2011-3188, Moderate)\n\n* A flaw in the FUSE (Filesystem in Userspace) implementation could\nallow a local user in the fuse group who has access to mount a FUSE\nfile system to cause a denial of service. (CVE-2011-3353, Moderate)\n\n* A flaw in the b43 driver. If a system had an active wireless\ninterface that uses the b43 driver, an attacker able to send a\nspecially crafted frame to that interface could cause a denial of\nservice. (CVE-2011-3359, Moderate)\n\n* A flaw in the way CIFS shares with DFS referrals at their root were\nhandled could allow an attacker on the local network, who is able to\ndeploy a malicious CIFS server, to create a CIFS network share that,\nwhen mounted, would cause the client system to crash. (CVE-2011-3363,\nModerate)\n\n* A flaw in the m_stop() implementation could allow a local,\nunprivileged user to trigger a denial of service. (CVE-2011-3637,\nModerate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local,\nunprivileged user to cause a denial of service. 
(CVE-2011-4081,\nModerate)\n\n* A flaw in the key management facility could allow a local,\nunprivileged user to cause a denial of service via the keyctl utility.\n(CVE-2011-4110, Moderate)\n\n* A flaw in the Journaling Block Device (JBD) could allow a local\nattacker to crash the system by mounting a specially crafted ext3 or\next4 disk. (CVE-2011-4132, Moderate)\n\n* A flaw in the way memory containing security-related data was\nhandled in tpm_read() could allow a local, unprivileged user to read\nthe results of a previously run TPM command. (CVE-2011-1162, Low)\n\n* I/O statistics from the taskstats subsystem could be read without\nany restrictions, which could allow a local, unprivileged user to\ngather confidential information, such as the length of a password used\nin a process. (CVE-2011-2494, Low)\n\n* Flaws in tpacket_rcv() and packet_recvmsg() could allow a local,\nunprivileged user to leak information to user-space. (CVE-2011-2898,\nLow)\n\nRed Hat would like to thank Darren Lavender for reporting\nCVE-2011-3191; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky\nfor reporting CVE-2011-3188; Yogesh Sharma for reporting\nCVE-2011-3363; Nick Bowler for reporting CVE-2011-4081; Peter Huewe\nfor reporting CVE-2011-1162; and Vasiliy Kulikov of Openwall for\nreporting CVE-2011-2494.\n\nThis update also fixes the following bugs :\n\n* Previously, a mismatch in the build-id of the kernel-rt and the one\nin the related debuginfo package caused failures in SystemTap and\nperf. (BZ#768413)\n\n* IBM x3650m3 systems were not able to boot the MRG Realtime kernel\nbecause they require a pmcraid driver that was not available. The\npmcraid driver is included in this update. (BZ#753992)\n\nUsers should upgrade to these updated packages, which correct these\nissues. 
The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0010\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1162\", \"CVE-2011-2494\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3359\", \"CVE-2011-3363\", \"CVE-2011-3637\", \"CVE-2011-4081\", \"CVE-2011-4110\", \"CVE-2011-4132\", \"CVE-2011-4326\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2012:0010\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0010\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.79.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-2.6.33.9-rt31.79.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n 
exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:33:47", "description": "The openSUSE 11.4 kernel was updated to fix bugs and security issues.\n\nThe following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.\n\nCVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n\nCVE-2011-1173: A kernel information leak via ip6_tables was fixed.\n\nCVE-2011-1172: A kernel information leak via ip6_tables netfilter was fixed.\n\nCVE-2011-1171: A kernel information leak via ip_tables was fixed.\n\nCVE-2011-1170: A kernel information leak via arp_tables was fixed.\n\nCVE-2011-1080: A kernel information leak via netfilter was fixed.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\\0' character.\n\nCVE-2011-1770: Integer underflow in the dccp_parse_options 
function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.\n\nCVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.\n\nCVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory.\n\nCVE-2011-4087: A local denial of service when using bridged networking via a flood ping was fixed.\n\nCVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel.\n\nCVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to an AF_ALG socket.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2012:0236-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3880", "CVE-2011-1080", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-1770", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4604"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi-debugsource", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo", 
"p-cpe:/a:novell:opensuse:preload-kmp-desktop", "p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_KERNEL-120104.NASL", "href": "https://www.tenable.com/plugins/nessus/75882", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-5606.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75882);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3880\", \"CVE-2011-1080\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4604\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2012:0236-1)\");\n script_summary(english:\"Check for the kernel-5606 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.4 kernel was updated to fix bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2011-4604: If root does\nread() on a specific socket, it's possible to corrupt (kernel) memory\nover network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol\nis used.\n\nCVE-2011-2699: Fernando Gont discovered that the IPv6 stack used\npredictable fragment identification numbers. 
A remote attacker could\nexploit this to exhaust network resources, leading to a denial of\nservice.\n\nCVE-2011-1173: A kernel information leak via ip6_tables was fixed.\n\nCVE-2011-1172: A kernel information leak via ip6_tables netfilter was\nfixed.\n\nCVE-2011-1171: A kernel information leak via ip_tables was fixed.\n\nCVE-2011-1170: A kernel information leak via arp_tables was fixed.\n\nCVE-2011-1080: A kernel information leak via netfilter was fixed.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c\nin the Linux kernel did not properly audit INET_DIAG bytecode, which\nallowed local users to cause a denial of service (kernel infinite\nloop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\nmessage, as demonstrated by an INET_DIAG_BC_JMP instruction with a\nzero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in\nnet/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have\nallowed local users to cause a denial of service or have unspecified\nother impact via a crafted write operation, related to string data\nthat lacks a terminating '0' character.\n\nCVE-2011-1770: Integer underflow in the dccp_parse_options function\n(net/dccp/options.c) in the Linux kernel allowed remote attackers to\ncause a denial of service via a Datagram Congestion Control Protocol\n(DCCP) packet with an invalid feature options length, which triggered\na buffer over-read.\n\nCVE-2011-2723: The skb_gro_header_slow function in\ninclude/linux/netdevice.h in the Linux kernel, when Generic Receive\nOffload (GRO) is enabled, reset certain fields in incorrect\nsituations, which allowed remote attackers to cause a denial of\nservice (system crash) via crafted network traffic.\n\nCVE-2011-2898: A kernel information leak in the AF_PACKET protocol was\nfixed which might have allowed local attackers to read kernel memory.\n\nCVE-2011-4087: A local denial of service when using 
bridged networking\nvia a flood ping was fixed.\n\nCVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs\nfilesystems was fixed which could be used by local attackers to crash\nthe kernel.\n\nCVE-2011-4081: Using the crypto interface a local user could Oops the\nkernel by writing to a AF_ALG socket.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=676602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709764\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=710235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=723999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00036.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"kernel-debug-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"kernel-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-extra-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-extra-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-source-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-source-vanilla-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-syms-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"kernel-trace-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-base-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-base-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-debugsource-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-devel-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-devel-debuginfo-2.6.37.6-0.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-default-1.2_k2.6.37.6_0.11-6.7.28\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-default-debuginfo-1.2_k2.6.37.6_0.11-6.7.28\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-desktop-1.2_k2.6.37.6_0.11-6.7.28\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-desktop-debuginfo-1.2_k2.6.37.6_0.11-6.7.28\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:20:53", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1287-1", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1287-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840940", "href": 
"http://plugins.openvas.org/nasl.php?oid=840940", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1287_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1287-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. 
A local attacker could exploit this\n to cause a kernel oops.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1287-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 11.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1287-1/\");\n script_id(840940);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 10:51:21 +0530 (Fri, 16 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2011-4081\");\n script_xref(name: \"USN\", value: \"1287-1\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1287-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-1206-omap4\", ver:\"3.0.0-1206.13\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:48", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1313-1", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-oneiric USN-1313-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1313_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-oneiric USN-1313-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1313-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840847\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:35:08 +0530 (Fri, 23 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1313-1\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2011-4081\");\n script_name(\"Ubuntu Update for linux-lts-backport-oneiric USN-1313-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1313-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-oneiric on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. 
A local attacker could exploit this\n to cause a kernel oops.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-14-generic\", ver:\"3.0.0-14.23~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-14-generic-pae\", ver:\"3.0.0-14.23~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-14-server\", ver:\"3.0.0-14.23~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-14-virtual\", ver:\"3.0.0-14.23~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1287-1", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1287-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840940", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840940", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1287_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1287-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks 
GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1287-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840940\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 10:51:21 +0530 (Fri, 16 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2011-4081\");\n script_xref(name:\"USN\", value:\"1287-1\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1287-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1287-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 11.10\");\n script_tag(name:\"solution\", 
value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-1206-omap4\", ver:\"3.0.0-1206.13\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:13", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1313-1", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-oneiric USN-1313-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840847", "href": "http://plugins.openvas.org/nasl.php?oid=840847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1313_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-oneiric USN-1313-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1313-1\";\ntag_affected = \"linux-lts-backport-oneiric on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1313-1/\");\n script_id(840847);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:35:08 +0530 (Fri, 23 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1313-1\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2011-4081\");\n script_name(\"Ubuntu Update for linux-lts-backport-oneiric USN-1313-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-14-generic\", ver:\"3.0.0-14.23~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-14-generic-pae\", ver:\"3.0.0-14.23~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-14-server\", ver:\"3.0.0-14.23~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-14-virtual\", ver:\"3.0.0-14.23~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-03-17T23:04:05", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2011-22)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1083", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120395", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120395\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 11:24:37 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2011-22)\");\n script_tag(name:\"insight\", value:\"The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, 
as demonstrated by a write operation on an AF_ALG socket.\");\n script_tag(name:\"solution\", value:\"Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2011-22.html\");\n script_cve_id(\"CVE-2011-4081\", \"CVE-2011-1083\", \"CVE-2011-4077\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.35.14~103.47.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.35.14~103.47.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.35.14~103.47.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.35.14~103.47.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.35.14~103.47.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.35.14~103.47.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:34", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1301-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1301-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840841", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840841", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1301_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1301-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1301-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840841\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:11:50 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1301-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1301-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1301-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-natty on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. 
(CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic\", ver:\"2.6.38-13.53~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic-pae\", ver:\"2.6.38-13.53~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-server\", ver:\"2.6.38-13.53~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-virtual\", ver:\"2.6.38-13.53~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:03", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1312-1", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1312-1", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840853", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840853", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1312_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1312-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1312-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840853\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:35:45 +0530 (Fri, 23 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1312-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1312-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1312-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. 
A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic-pae\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-omap\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc-smp\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc64-smp\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-server\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.38-13-versatile\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-virtual\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:28", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1312-1", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1312-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840853", "href": "http://plugins.openvas.org/nasl.php?oid=840853", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1312_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1312-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1312-1\";\ntag_affected = \"linux on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1312-1/\");\n script_id(840853);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:35:45 +0530 (Fri, 23 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1312-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1312-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic-pae\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-omap\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc-smp\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc64-smp\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-server\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-versatile\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-virtual\", ver:\"2.6.38-13.53\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:26:58", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1301-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1301-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840841", "href": "http://plugins.openvas.org/nasl.php?oid=840841", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: gb_ubuntu_USN_1301_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1301-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1301-1\";\ntag_affected = \"linux-lts-backport-natty on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1301-1/\");\n script_id(840841);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:11:50 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1301-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1301-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic\", ver:\"2.6.38-13.53~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic-pae\", 
ver:\"2.6.38-13.53~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-server\", ver:\"2.6.38-13.53~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-virtual\", ver:\"2.6.38-13.53~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1302-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1302-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840843", "href": "http://plugins.openvas.org/nasl.php?oid=840843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1302_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1302-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1302-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1302-1/\");\n script_id(840843);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:11:56 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1302-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1302-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.28\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 
7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:38", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1293-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1293-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840832", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1293_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1293-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1293-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840832\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:53:48 +0530 (Fri, 09 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1293-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1293-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1293-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. 
(CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic-pae\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-omap\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc-smp\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc64-smp\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-server\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-versatile\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-virtual\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:16", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1292-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-maverick USN-1292-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840829", "href": "http://plugins.openvas.org/nasl.php?oid=840829", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1292_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-maverick USN-1292-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n \n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n \n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n \n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1292-1\";\ntag_affected = \"linux-lts-backport-maverick on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1292-1/\");\n script_id(840829);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:52:50 +0530 (Fri, 09 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1292-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-lts-backport-maverick USN-1292-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic\", ver:\"2.6.35-31.63~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic-pae\", ver:\"2.6.35-31.63~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-server\", ver:\"2.6.35-31.63~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-virtual\", ver:\"2.6.35-31.63~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:27", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1292-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-maverick USN-1292-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840829", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840829", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1292_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-maverick USN-1292-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1292-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:52:50 +0530 (Fri, 09 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1292-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-lts-backport-maverick USN-1292-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1292-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-maverick on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. 
(CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic\", ver:\"2.6.35-31.63~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic-pae\", ver:\"2.6.35-31.63~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-server\", ver:\"2.6.35-31.63~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-virtual\", ver:\"2.6.35-31.63~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:37", "description": "Ubuntu Update for 
Linux kernel vulnerabilities USN-1293-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1293-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840832", "href": "http://plugins.openvas.org/nasl.php?oid=840832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1293_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1293-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. 
(CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1293-1\";\ntag_affected = \"linux on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1293-1/\");\n script_id(840832);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:53:48 +0530 (Fri, 09 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1293-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1293-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic-pae\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-omap\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc-smp\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc64-smp\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-server\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-versatile\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-virtual\", ver:\"2.6.35-31.63\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2019-05-29T18:39:52", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1302-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1302-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1302_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1302-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1302-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840843\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:11:56 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1302-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1302-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1302-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. 
(CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.28\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:40", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1311-1", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1311-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1162", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840851", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840851", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1311_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1311-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1311-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840851\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:35:34 +0530 (Fri, 23 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1311-1\");\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\",\n \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1311-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1311-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Peter Huewe discovered an information leak in the handling of reading\n security-related TPM data. A local, unprivileged user could read the\n results of a previous TPM command. (CVE-2011-1162)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-386\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-generic\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-generic-pae\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-ia64\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-lpia\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-powerpc\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-powerpc-smp\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-powerpc64-smp\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-preempt\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-server\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-sparc64\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-sparc64-smp\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-versatile\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-virtual\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:30", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1303-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1303-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1162", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840844", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1303_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-mvl-dove USN-1303-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1303-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840844\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:12:02 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1303-1\");\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1303-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1303-1\");\n script_tag(name:\"affected\", value:\"linux-mvl-dove on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Peter Huewe discovered an information leak in the handling of reading\n security-related TPM 
data. A local, unprivileged user could read the\n results of a previous TPM command. (CVE-2011-1162)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-421-dove\", ver:\"2.6.32-421.39\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1311-1", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1311-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1162", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840851", "href": "http://plugins.openvas.org/nasl.php?oid=840851", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1311_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1311-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Peter Huewe discovered an information leak in the handling of reading\n security-related TPM data. A local, unprivileged user could read the\n results of a previous TPM command. (CVE-2011-1162)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1311-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1311-1/\");\n script_id(840851);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:35:34 +0530 (Fri, 23 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1311-1\");\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\",\n \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1311-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-386\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-generic\", 
ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-generic-pae\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-ia64\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-lpia\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-powerpc\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-powerpc-smp\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-powerpc64-smp\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-preempt\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-server\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-sparc64\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-sparc64-smp\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-versatile\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-37-virtual\", ver:\"2.6.32-37.81\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:27", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1299-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1299-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1162", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1299_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-1299-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1299-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840838\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:11:34 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1299-1\");\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\",\n \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1299-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1299-1\");\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Peter Huewe discovered an information leak in the handling of reading\n security-related TPM data. A local, unprivileged user could read the\n results of a previous TPM command. (CVE-2011-1162)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. 
A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-341-ec2\", ver:\"2.6.32-341.42\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:42", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1304-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1304-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4087", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840840", "href": 
"http://plugins.openvas.org/nasl.php?oid=840840", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1304_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1304-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n Scot Doyle discovered that the bridge networking interface incorrectly\n handled certain network packets. A remote attacker could exploit this to\n crash the system, leading to a denial of service. (CVE-2011-4087)\n\n A flaw was found in the Journaling Block Device (JBD). 
A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1304-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1304-1/\");\n script_id(840840);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:11:43 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1304-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1304-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.18\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:40", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1322-1", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1322-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-2203", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840945", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1322_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1322-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1322-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840945\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 10:52:51 +0530 (Fri, 16 Mar 2012)\");\n script_cve_id(\"CVE-2011-2203\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4110\",\n \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1322-1\");\n script_name(\"Ubuntu Update for linux USN-1322-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1322-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Clement Lecigne discovered a bug in the HFS filesystem. A local attacker\n could exploit this to cause a kernel oops. (CVE-2011-2203)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. 
A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in how the Linux kernel handles user-defined key types. An\n unprivileged local user could exploit this to crash the system.\n (CVE-2011-4110)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-generic\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-generic-pae\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-omap\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-powerpc\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-powerpc-smp\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-powerpc64-smp\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-server\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-virtual\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:47", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1304-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1304-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4087", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840840", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840840", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1304_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1304-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1304-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840840\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:11:43 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1304-1\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1304-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1304-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. 
(CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n Scot Doyle discovered that the bridge networking interface incorrectly\n handled certain network packets. A remote attacker could exploit this to\n crash the system, leading to a denial of service. (CVE-2011-4087)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.18\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:19:45", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1322-1", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1322-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-2203", "CVE-2011-4077", "CVE-2011-4081"], "modified": 
"2017-12-01T00:00:00", "id": "OPENVAS:840945", "href": "http://plugins.openvas.org/nasl.php?oid=840945", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1322_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for linux USN-1322-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Clement Lecigne discovered a bug in the HFS filesystem. A local attacker\n could exploit this to cause a kernel oops. (CVE-2011-2203)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in how the Linux kernel handles user-defined key types. 
An\n unprivileged local user could exploit this to crash the system.\n (CVE-2011-4110)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1322-1\";\ntag_affected = \"linux on Ubuntu 11.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1322-1/\");\n script_id(840945);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 10:52:51 +0530 (Fri, 16 Mar 2012)\");\n script_cve_id(\"CVE-2011-2203\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4110\",\n \"CVE-2011-4132\", \"CVE-2011-4330\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1322-1\");\n script_name(\"Ubuntu Update for linux USN-1322-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-generic\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-generic-pae\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-omap\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-powerpc\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-powerpc-smp\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-powerpc64-smp\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-server\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-15-virtual\", ver:\"3.0.0-15.25\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:20", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1303-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1303-1", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2011-1162", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840844", "href": "http://plugins.openvas.org/nasl.php?oid=840844", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1303_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-mvl-dove USN-1303-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Peter Huewe discovered an information leak in the handling of reading\n security-related TPM data. A local, unprivileged user could read the\n results of a previous TPM command. (CVE-2011-1162)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. 
A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1303-1\";\ntag_affected = \"linux-mvl-dove on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1303-1/\");\n script_id(840844);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:12:02 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1303-1\");\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1303-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-421-dove\", ver:\"2.6.32-421.39\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:26", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1299-1", "cvss3": {}, "published": "2011-12-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1299-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1162", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840838", "href": "http://plugins.openvas.org/nasl.php?oid=840838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1299_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ec2 USN-1299-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Peter Huewe discovered an information leak in the handling of reading\n security-related TPM data. A local, unprivileged user could read the\n results of a previous TPM command. (CVE-2011-1162)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1299-1\";\ntag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1299-1/\");\n script_id(840838);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:11:34 +0530 (Fri, 16 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1299-1\");\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\",\n \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1299-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-341-ec2\", ver:\"2.6.32-341.42\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", 
"cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:46", "description": "Oracle Linux Local Security Checks ELSA-2012-2003", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-2003", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123956", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123956", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-2003.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123956\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:48 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-2003\");\n script_tag(name:\"insight\", value:\"ELSA-2012-2003 - Unbreakable Enterprise kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-2003\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-2003.html\");\n script_cve_id(\"CVE-2011-4081\", \"CVE-2011-4347\", \"CVE-2012-0038\", \"CVE-2012-0045\", \"CVE-2012-0207\", \"CVE-2011-4077\", \"CVE-2011-4132\", \"CVE-2011-4622\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~300.11.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~300.11.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~300.11.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~300.11.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~300.11.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~300.11.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~300.11.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~300.11.1.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~300.11.1.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.11.1.el5uek~1.5.1~4.0.53\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.11.1.el5uekdebug~1.5.1~4.0.53\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~300.11.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~300.11.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~300.11.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~300.11.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~300.11.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~300.11.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~300.11.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~300.11.1.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~300.11.1.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.11.1.el6uek~1.5.1~4.0.47\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.11.1.el6uekdebug~1.5.1~4.0.47\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n 
exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:56", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1294-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-oneiric USN-1294-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-1162", "CVE-2011-4087", "CVE-2011-3209", "CVE-2011-2494", "CVE-2011-3638", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840834", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840834", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1294_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-oneiric USN-1294-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1294-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840834\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:54:02 +0530 (Fri, 09 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1294-1\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-2494\", \"CVE-2011-2942\", \"CVE-2011-3209\",\n \"CVE-2011-3638\", \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4326\");\n script_name(\"Ubuntu Update for linux-lts-backport-oneiric USN-1294-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1294-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-oneiric on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Peter Huewe discovered an information leak in the handling of reading\n security-related TPM data. A local, unprivileged user could read the\n results of a previous TPM command. 
(CVE-2011-1162)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Qianfeng Zhang discovered that the bridge networking interface incorrectly\n handled certain network packets. A remote attacker could exploit this to\n crash the system, leading to a denial of service. (CVE-2011-2942)\n\n Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A\n local unprivileged attacker could exploit this causing a denial of service.\n (CVE-2011-3209)\n\n Zheng Liu discovered a flaw in how the ext4 filesystem splits extents. A\n local unprivileged attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-3638)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n Scot Doyle discovered that the bridge networking interface incorrectly\n handled certain network packets. A remote attacker could exploit this to\n crash the system, leading to a denial of service. (CVE-2011-4087)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. 
(CVE-2011-4326)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-13-generic\", ver:\"3.0.0-13.22~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-13-generic-pae\", ver:\"3.0.0-13.22~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-13-server\", ver:\"3.0.0-13.22~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-13-virtual\", ver:\"3.0.0-13.22~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:36", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1294-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-oneiric USN-1294-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-1162", "CVE-2011-4087", "CVE-2011-3209", "CVE-2011-2494", "CVE-2011-3638", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840834", "href": "http://plugins.openvas.org/nasl.php?oid=840834", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1294_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-oneiric USN-1294-1\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Peter Huewe discovered an information leak in the handling of reading\n security-related TPM data. A local, unprivileged user could read the\n results of a previous TPM command. (CVE-2011-1162)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Qianfeng Zhang discovered that the bridge networking interface incorrectly\n handled certain network packets. A remote attacker could exploit this to\n crash the system, leading to a denial of service. (CVE-2011-2942)\n\n Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A\n local unprivileged attacker could exploit this causing a denial of service.\n (CVE-2011-3209)\n\n Zheng Liu discovered a flaw in how the ext4 filesystem splits extents. A\n local unprivileged attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-3638)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. 
A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n Scot Doyle discovered that the bridge networking interface incorrectly\n handled certain network packets. A remote attacker could exploit this to\n crash the system, leading to a denial of service. (CVE-2011-4087)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1294-1\";\ntag_affected = \"linux-lts-backport-oneiric on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1294-1/\");\n script_id(840834);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:54:02 +0530 (Fri, 09 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1294-1\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2011-1162\", \"CVE-2011-2494\", \"CVE-2011-2942\", \"CVE-2011-3209\",\n \"CVE-2011-3638\", \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4326\");\n script_name(\"Ubuntu Update for linux-lts-backport-oneiric USN-1294-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-13-generic\", ver:\"3.0.0-13.22~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-13-generic-pae\", ver:\"3.0.0-13.22~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-13-server\", ver:\"3.0.0-13.22~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-13-virtual\", ver:\"3.0.0-13.22~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:22", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1286-1", "cvss3": {}, "published": "2011-12-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1286-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840828", "href": "http://plugins.openvas.org/nasl.php?oid=840828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1286_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1286-1\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. 
A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1286-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1286-1/\");\n script_id(840828);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-05 12:39:55 +0530 (Mon, 05 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1286-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\",\n \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\",\n \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1286-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-386\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-generic\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-generic-pae\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-ia64\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-lpia\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc64-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-preempt\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-server\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-sparc64\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-sparc64-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-versatile\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-virtual\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:53", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1286-1", "cvss3": {}, "published": "2011-12-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1286-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1286_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1286-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1286-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840828\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-05 12:39:55 +0530 (Mon, 05 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1286-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\",\n \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\",\n \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1286-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel 
vulnerabilities USN-1286-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. 
(CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-386\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-generic\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-generic-pae\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-ia64\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-lpia\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc64-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-preempt\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-server\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-sparc64\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-sparc64-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-versatile\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-virtual\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:07:20", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2012:0350-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4594", "CVE-2011-4132", "CVE-2011-4611", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:870729", "href": "http://plugins.openvas.org/nasl.php?oid=870729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2012:0350-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A buffer overflow flaw was found in the way the Linux kernel's XFS file\n system implementation handled links with overly long path names. A local,\n unprivileged user could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially-crafted disk.\n (CVE-2011-4077, Moderate)\n\n * Flaws in ghash_update() and ghash_final() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n * A flaw was found in the Linux kernel's Journaling Block Device (JBD). A\n local, unprivileged user could use this flaw to crash the system by\n mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\n * It was found that the kvm_vm_ioctl_assign_device() function in the KVM\n (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if\n the user requesting device assignment was privileged or not. A local,\n unprivileged user on the host could assign unused PCI devices, or even\n devices that were in use and whose resources were not properly claimed by\n the respective drivers, which could result in the host crashing.\n (CVE-2011-4347, Moderate)\n\n * Two flaws were found in the way the Linux kernel's __sys_sendmsg()\n function, when invoked via the sendmmsg() system call, accessed user-space\n memory. 
A local, unprivileged user could use these flaws to cause a denial\n of service. (CVE-2011-4594, Moderate)\n\n * The RHSA-2011:1530 kernel update introduced an integer overflow flaw in\n the Linux kernel. On PowerPC systems, a local, unprivileged user could use\n this flaw to cause a denial of service. (CVE-2011-4611, Moderate)\n\n * A flaw was found in the way the KVM subsystem of a Linux kernel handled\n PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was\n no virtual interrupt controller set up. A local, unprivileged user on the\n host could force this situation to occur, resulting in the host crashing.\n (CVE-2011-4622, Moderate)\n\n * A flaw was found in the way the Linux kernel's XFS file system\n implementation handled on-disk Access Control Lists (ACLs). A local,\n unprivileged user could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially-crafted disk.\n (CVE-2012-0038, Moderate)\n\n * A flaw was found in the way the Linux kernel's KVM hypervisor\n implementa ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00002.html\");\n script_id(870729);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:55:49 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\",\n \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\",\n \"CVE-2012-0045\", \"CVE-2012-0207\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0350-01\");\n script_name(\"RedHat Update for kernel RHSA-2012:0350-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~220.7.1.el6\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-03-17T23:03:19", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-55)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4594", "CVE-2011-4132", "CVE-2011-4611", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120412", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120412\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:25:46 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-55)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Linux kernel. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-55.html\");\n script_cve_id(\"CVE-2011-4594\", \"CVE-2011-4347\", \"CVE-2012-0038\", \"CVE-2011-4622\", \"CVE-2012-0045\", \"CVE-2011-4132\", \"CVE-2011-4611\", \"CVE-2011-4081\", \"CVE-2011-4077\", \"CVE-2012-0207\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.35.14~107.1.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.35.14~107.1.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.35.14~107.1.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.35.14~107.1.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.14~107.1.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.35.14~107.1.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-02T10:56:58", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2012:0350 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4594", "CVE-2011-4132", "CVE-2011-4611", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:881118", "href": "http://plugins.openvas.org/nasl.php?oid=881118", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2012:0350 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A buffer overflow flaw was found in the way the Linux kernel's XFS file\n system implementation handled links with overly long path names. A local,\n unprivileged user could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially-crafted disk.\n (CVE-2011-4077, Moderate)\n \n * Flaws in ghash_update() and ghash_final() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n \n * A flaw was found in the Linux kernel's Journaling Block Device (JBD). A\n local, unprivileged user could use this flaw to crash the system by\n mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n \n * It was found that the kvm_vm_ioctl_assign_device() function in the KVM\n (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if\n the user requesting device assignment was privileged or not. 
A local,\n unprivileged user on the host could assign unused PCI devices, or even\n devices that were in use and whose resources were not properly claimed by\n the respective drivers, which could result in the host crashing.\n (CVE-2011-4347, Moderate)\n \n * Two flaws were found in the way the Linux kernel's __sys_sendmsg()\n function, when invoked via the sendmmsg() system call, accessed user-space\n memory. A local, unprivileged user could use these flaws to cause a denial\n of service. (CVE-2011-4594, Moderate)\n \n * The RHSA-2011:1530 kernel update introduced an integer overflow flaw in\n the Linux kernel. On PowerPC systems, a local, unprivileged user could use\n this flaw to cause a denial of service. (CVE-2011-4611, Moderate)\n \n * A flaw was found in the way the KVM subsystem of a Linux kernel handled\n PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was\n no virtual interrupt controller set up. A local, unprivileged user on the\n host could force this situation to occur, resulting in the host crashing.\n (CVE-2011-4622, Moderate)\n \n * A flaw was found in the way the Linux kernel's XFS file system\n implementation handled on-disk Access Control Lists (ACLs). A local,\n unprivileged user could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially-crafted disk.\n (CVE-2012-0038, Moderate)\n \n * A flaw was found in the way the Linux kernel's KVM hypervisor\n implementation emulated the syscall instruction for 32-bit guests. An\n unprivileged guest user could trigger this flaw to crash t ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-March/018468.html\");\n script_id(881118);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:12:12 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\",\n \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\",\n \"CVE-2012-0045\", \"CVE-2012-0207\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0350\");\n script_name(\"CentOS Update for kernel CESA-2012:0350 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:36", "description": "Oracle Linux Local Security Checks ELSA-2012-0350", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0350", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4594", "CVE-2011-4132", "CVE-2011-4611", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2018-09-28T00:00:00", 
"id": "OPENVAS:1361412562310123959", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123959", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0350.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123959\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:50 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0350\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0350 - kernel security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0350\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0350.html\");\n script_cve_id(\"CVE-2011-4081\", \"CVE-2011-4347\", \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2012-0038\", \"CVE-2012-0045\", \"CVE-2012-0207\", \"CVE-2011-4077\", \"CVE-2011-4132\", \"CVE-2011-4622\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", 
rpm:\"kernel-doc~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~220.7.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:20", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2012:0350 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4594", "CVE-2011-4132", "CVE-2011-4611", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881118", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881118", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2012:0350 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-March/018468.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881118\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:12:12 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\",\n \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\",\n \"CVE-2012-0045\", \"CVE-2012-0207\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0350\");\n script_name(\"CentOS Update for kernel CESA-2012:0350 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", 
value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A buffer overflow flaw was found in the way the Linux kernel's XFS file\n system implementation handled links with overly long path names. A local,\n unprivileged user could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially-crafted disk.\n (CVE-2011-4077, Moderate)\n\n * Flaws in ghash_update() and ghash_final() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n * A flaw was found in the Linux kernel's Journaling Block Device (JBD). A\n local, unprivileged user could use this flaw to crash the system by\n mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\n * It was found that the kvm_vm_ioctl_assign_device() function in the KVM\n (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if\n the user requesting device assignment was privileged or not. A local,\n unprivileged user on the host could assign unused PCI devices, or even\n devices that were in use and whose resources were not properly claimed by\n the respective drivers, which could result in the host crashing.\n (CVE-2011-4347, Moderate)\n\n * Two flaws were found in the way the Linux kernel's __sys_sendmsg()\n function, when invoked via the sendmmsg() system call, accessed user-space\n memory. A local, unprivileged user could use these flaws to cause a denial\n of service. (CVE-2011-4594, Moderate)\n\n * The RHSA-2011:1530 kernel update introduced an integer overflow flaw in\n the Linux kernel. On PowerPC systems, a local, unprivileged user could use\n this flaw to cause a denial of service. 
(CVE-2011-4611, Moderate)\n\n * A flaw was found in the way the KVM subsystem of a Linux kernel handled\n PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was\n no virtual interrupt controller set up. A local, unprivileged user on the\n host could force this situation to occur, resulting in the host crashing.\n (CVE-2011-4622, Moderate)\n\n * A flaw was found in the way the Linux kernel's XFS file system\n implementation handled on-disk Access Control Lists (ACLs). A local,\n unprivileged user could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially-crafted disk.\n (CVE-2012-0038, Moderate)\n\n * A flaw was found in the way the Linux kernel's KVM hypervisor\n implementation emulated the syscall instruction for 32-bit guests. An\n unprivileged guest user could trigger this flaw to crash t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~220.7.1.el6\", 
rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~220.7.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:46", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2012:0350-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4594", "CVE-2011-4132", "CVE-2011-4611", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2012:0350-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that 
it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00002.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870729\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:55:49 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4347\",\n \"CVE-2011-4594\", \"CVE-2011-4611\", \"CVE-2011-4622\", \"CVE-2012-0038\",\n \"CVE-2012-0045\", \"CVE-2012-0207\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0350-01\");\n script_name(\"RedHat Update for kernel RHSA-2012:0350-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 
6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A buffer overflow flaw was found in the way the Linux kernel's XFS file\n system implementation handled links with overly long path names. A local,\n unprivileged user could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially-crafted disk.\n (CVE-2011-4077, Moderate)\n\n * Flaws in ghash_update() and ghash_final() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n * A flaw was found in the Linux kernel's Journaling Block Device (JBD). A\n local, unprivileged user could use this flaw to crash the system by\n mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\n * It was found that the kvm_vm_ioctl_assign_device() function in the KVM\n (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if\n the user requesting device assignment was privileged or not. A local,\n unprivileged user on the host could assign unused PCI devices, or even\n devices that were in use and whose resources were not properly claimed by\n the respective drivers, which could result in the host crashing.\n (CVE-2011-4347, Moderate)\n\n * Two flaws were found in the way the Linux kernel's __sys_sendmsg()\n function, when invoked via the sendmmsg() system call, accessed user-space\n memory. A local, unprivileged user could use these flaws to cause a denial\n of service. (CVE-2011-4594, Moderate)\n\n * The RHSA-2011:1530 kernel update introduced an integer overflow flaw in\n the Linux kernel. On PowerPC systems, a local, unprivileged user could use\n this flaw to cause a denial of service. 
(CVE-2011-4611, Moderate)\n\n * A flaw was found in the way the KVM subsystem of a Linux kernel handled\n PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was\n no virtual interrupt controller set up. A local, unprivileged user on the\n host could force this situation to occur, resulting in the host crashing.\n (CVE-2011-4622, Moderate)\n\n * A flaw was found in the way the Linux kernel's XFS file system\n implementation handled on-disk Access Control Lists (ACLs). A local,\n unprivileged user could use this flaw to cause a denial of service or\n escalate their privileges by mounting a specially-crafted disk.\n (CVE-2012-0038, Moderate)\n\n * A flaw was found in the way the Linux kernel's KVM hypervisor\n implementa ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res 
= isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~220.7.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-08T12:57:33", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "SuSE Update for kernel openSUSE-SU-2012:0206-1 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-2525"], "modified": 
"2018-01-08T00:00:00", "id": "OPENVAS:850253", "href": "http://plugins.openvas.org/nasl.php?oid=850253", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0206_1.nasl 8313 2018-01-08 07:02:11Z teissa $\n#\n# SuSE Update for kernel openSUSE-SU-2012:0206-1 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openSUSE 11.3 kernel was updated to fix various bugs\n and security issues.\n\n Following security issues have been fixed: CVE-2011-4604:\n If root does read() on a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function\n in the Linux kernels packet scheduler API implementation to\n be called on built-in qdisc structures. 
A local,\n unprivileged user could have used this flaw to trigger a\n NULL pointer dereference, resulting in a denial of service.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-1576: The Generic Receive Offload (GRO)\n implementation in the Linux kernel allowed remote attackers\n to cause a denial of service via crafted VLAN packets that\n are processed by the napi_reuse_skb function, leading to\n (1) a memory leak or (2) memory corruption, a different\n vulnerability than CVE-2011-1478.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which allowed remote attackers to\n cause a denial of service 
(system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on openSUSE 11.3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850253);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 22:52:42 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\",\n \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\",\n \"CVE-2011-2898\", \"CVE-2011-4081\", \"CVE-2011-4604\", \"CVE-2010-3880\",\n \"CVE-2011-1478\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0206_1\");\n script_name(\"SuSE Update for kernel openSUSE-SU-2012:0206-1 (kernel)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", 
rpm:\"kernel-ec2-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.1_k2.6.34.10_0.6~19.1.37\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.1_k2.6.34.10_0.6~19.1.37\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not 
vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:41:25", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2012:0206-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-2525"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850253", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850253\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 22:52:42 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\",\n \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\",\n \"CVE-2011-2898\", \"CVE-2011-4081\", \"CVE-2011-4604\", \"CVE-2010-3880\",\n \"CVE-2011-1478\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0206-1\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2012:0206-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.3\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 11.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 11.3 kernel was updated to fix various bugs\n and security issues.\n\n The following security issues have been fixed: CVE-2011-4604:\n If root does read() on a specific socket, it's possible to\n corrupt 
(kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function\n in the Linux kernels packet scheduler API implementation to\n be called on built-in qdisc structures. A local,\n unprivileged user could have used this flaw to trigger a\n NULL pointer dereference, resulting in a denial of service.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-1576: The Generic Receive Offload (GRO)\n implementation in the Linux kernel allowed remote attackers\n to cause a denial of service via crafted VLAN packets that\n are processed by the napi_reuse_skb function, leading to\n (1) a memory leak or (2) memory corruption, a different\n vulnerability than CVE-2011-1478.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n 
over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.34.10~0.6.1\", 
rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.1_k2.6.34.10_0.6~19.1.37\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.1_k2.6.34.10_0.6~19.1.37\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-06T13:07:15", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "SuSE Update for kernel openSUSE-SU-2012:0236-1 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-4087", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-1080"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:850211", "href": "http://plugins.openvas.org/nasl.php?oid=850211", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0236_1.nasl 8295 2018-01-05 06:29:18Z teissa $\n#\n# SuSE Update for kernel openSUSE-SU-2012:0236-1 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openSUSE 11.4 kernel was updated to fix bugs and\n security issues.\n\n Following security issues have been fixed: CVE-2011-4604:\n If root does read() on a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-1173: A kernel information leak via ip6_tables was\n fixed.\n\n CVE-2011-1172: A kernel information leak via ip6_tables\n netfilter was fixed.\n\n CVE-2011-1171: A kernel information leak via ip_tables was\n fixed.\n\n CVE-2011-1170: A kernel information leak via arp_tables was\n fixed.\n\n CVE-2011-1080: A kernel information leak via netfilter was\n fixed.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data 
that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n to read kernel memory.\n\n CVE-2011-4087: A local denial of service when using bridged\n networking via a flood ping was fixed.\n\n CVE-2011-2203: A NULL ptr dereference on mounting corrupt\n hfs filesystems was fixed which could be used by local\n attackers to cr ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on openSUSE 11.4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850211);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 20:47:46 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1080\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\",\n \"CVE-2011-1173\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\",\n \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2898\",\n \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4604\", \"CVE-2010-3880\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0236_1\");\n script_name(\"SuSE Update for kernel openSUSE-SU-2012:0236-1 (kernel)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.2_k2.6.37.6_0.11~6.7.28\", 
rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.2_k2.6.37.6_0.11~6.7.28\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); 
# Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:41:32", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2012:0236-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-4087", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-1080"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850211", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850211\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 20:47:46 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1080\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\",\n \"CVE-2011-1173\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\",\n \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2898\",\n \"CVE-2011-4081\", \"CVE-2011-4087\", \"CVE-2011-4604\", \"CVE-2010-3880\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0236-1\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2012:0236-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 11.4\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 11.4 kernel was updated to fix bugs and\n security issues.\n\n The following security issues have been fixed: CVE-2011-4604:\n If root does read() on 
a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-1173: A kernel information leak via ip6_tables was\n fixed.\n\n CVE-2011-1172: A kernel information leak via ip6_tables\n netfilter was fixed.\n\n CVE-2011-1171: A kernel information leak via ip_tables was\n fixed.\n\n CVE-2011-1170: A kernel information leak via arp_tables was\n fixed.\n\n CVE-2011-1080: A kernel information leak via netfilter was\n fixed.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which 
allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n to read kernel memory.\n\n CVE-2011-4087: A local denial of service when using bridged\n networking via a flood ping was fixed.\n\n CVE-2011-2203: A NULL ptr dereference on mounting corrupt\n hfs filesystems was fixed which could be used by local\n attackers to cr ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", 
rpm:\"kernel-desktop~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.2_k2.6.37.6_0.11~6.7.28\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.2_k2.6.37.6_0.11~6.7.28\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.37.6~0.11.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:55:56", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-15241", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2011-2918", "CVE-2010-4073", "CVE-2011-3188", "CVE-2010-4668", "CVE-2010-4072", "CVE-2011-1746", "CVE-2011-2723", "CVE-2011-1083", "CVE-2011-1494", "CVE-2011-2517", "CVE-2011-2928", "CVE-2010-2963", "CVE-2011-2699", "CVE-2010-3698", "CVE-2011-1161", "CVE-2011-1770", "CVE-2011-1495", "CVE-2011-1833", "CVE-2010-3880", "CVE-2011-3353", "CVE-2011-2905", "CVE-2011-4077", "CVE-2011-2497", "CVE-2011-2695", "CVE-2010-2962", "CVE-2011-1745", "CVE-2011-4081", "CVE-2011-3191"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863606", "href": "http://plugins.openvas.org/nasl.php?oid=863606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-15241\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 14\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068760.html\");\n script_id(863606);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-08 19:07:44 +0530 (Tue, 08 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-15241\");\n script_cve_id(\"CVE-2011-4081\", \"CVE-2011-4077\", \"CVE-2011-1083\", \"CVE-2011-2699\",\n \"CVE-2011-1161\", \"CVE-2011-3353\", \"CVE-2011-2918\", \"CVE-2011-3188\",\n \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3191\", \"CVE-2011-1833\",\n \"CVE-2011-2905\", \"CVE-2011-2695\", \"CVE-2011-2497\", \"CVE-2011-2517\",\n \"CVE-2011-1770\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\",\n \"CVE-2011-1746\", \"CVE-2010-4668\", \"CVE-2010-4073\", \"CVE-2010-4072\",\n \"CVE-2010-3880\", \"CVE-2010-2962\", \"CVE-2010-3698\", \"CVE-2010-2963\",\n \"CVE-2010-3904\");\n script_name(\"Fedora Update for kernel FEDORA-2011-15241\");\n\n 
script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.14~103.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:17:05", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2011-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-15241", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2011-2918", "CVE-2010-4073", "CVE-2011-3188", "CVE-2010-4668", "CVE-2010-4072", "CVE-2011-1746", "CVE-2011-2723", "CVE-2011-1083", "CVE-2011-1494", "CVE-2011-2517", "CVE-2011-2928", "CVE-2010-2963", "CVE-2011-2699", "CVE-2010-3698", "CVE-2011-1161", "CVE-2011-1770", "CVE-2011-1495", "CVE-2011-1833", "CVE-2010-3880", "CVE-2011-3353", "CVE-2011-2905", "CVE-2011-4077", "CVE-2011-2497", "CVE-2011-2695", "CVE-2010-2962", "CVE-2011-1745", "CVE-2011-4081", "CVE-2011-3191"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863606", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310863606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-15241\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068760.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863606\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-08 19:07:44 +0530 (Tue, 08 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-15241\");\n script_cve_id(\"CVE-2011-4081\", \"CVE-2011-4077\", \"CVE-2011-1083\", \"CVE-2011-2699\",\n \"CVE-2011-1161\", \"CVE-2011-3353\", \"CVE-2011-2918\", \"CVE-2011-3188\",\n \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3191\", \"CVE-2011-1833\",\n 
\"CVE-2011-2905\", \"CVE-2011-2695\", \"CVE-2011-2497\", \"CVE-2011-2517\",\n \"CVE-2011-1770\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\",\n \"CVE-2011-1746\", \"CVE-2010-4668\", \"CVE-2010-4073\", \"CVE-2010-4072\",\n \"CVE-2010-3880\", \"CVE-2010-2962\", \"CVE-2010-3698\", \"CVE-2010-2963\",\n \"CVE-2010-3904\");\n script_name(\"Fedora Update for kernel FEDORA-2011-15241\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.14~103.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:18:50", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2011-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-16346", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2011-2918", "CVE-2010-4073", "CVE-2011-3188", "CVE-2010-4668", "CVE-2010-4072", 
"CVE-2011-1746", "CVE-2011-2723", "CVE-2011-4110", 
"CVE-2011-1083", "CVE-2011-1494", "CVE-2011-2517", "CVE-2011-2928", "CVE-2010-2963", "CVE-2011-2699", "CVE-2011-4132", "CVE-2010-3698", "CVE-2011-1161", "CVE-2011-1770", "CVE-2011-1495", "CVE-2011-1833", "CVE-2010-3880", "CVE-2011-3353", "CVE-2011-2905", "CVE-2011-4077", "CVE-2011-2497", "CVE-2011-2695", "CVE-2010-2962", "CVE-2011-1745", "CVE-2011-4326", "CVE-2011-4081", "CVE-2011-3191"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-16346\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070272.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863647\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-02 13:22:20 +0530 (Fri, 02 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-16346\");\n script_cve_id(\"CVE-2011-4110\", \"CVE-2011-4326\", \"CVE-2011-4132\", \"CVE-2011-4081\",\n \"CVE-2011-4077\", \"CVE-2011-1083\", \"CVE-2011-2699\", \"CVE-2011-1161\",\n \"CVE-2011-3353\", \"CVE-2011-2918\", \"CVE-2011-3188\", \"CVE-2011-2723\",\n \"CVE-2011-2928\", \"CVE-2011-3191\", \"CVE-2011-1833\", \"CVE-2011-2905\",\n \"CVE-2011-2695\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-1770\",\n \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\", \"CVE-2011-1746\",\n \"CVE-2010-4668\", \"CVE-2010-4073\", \"CVE-2010-4072\", \"CVE-2010-3880\",\n \"CVE-2010-2962\", \"CVE-2010-3698\", \"CVE-2010-2963\", \"CVE-2010-3904\");\n script_name(\"Fedora Update for kernel FEDORA-2011-16346\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.14~106.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:42", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-16346", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2011-2918", "CVE-2010-4073", "CVE-2011-3188", "CVE-2010-4668", "CVE-2010-4072", "CVE-2011-1746", "CVE-2011-2723", "CVE-2011-4110", "CVE-2011-1083", "CVE-2011-1494", "CVE-2011-2517", "CVE-2011-2928", "CVE-2010-2963", "CVE-2011-2699", "CVE-2011-4132", "CVE-2010-3698", "CVE-2011-1161", "CVE-2011-1770", "CVE-2011-1495", "CVE-2011-1833", "CVE-2010-3880", "CVE-2011-3353", "CVE-2011-2905", "CVE-2011-4077", "CVE-2011-2497", "CVE-2011-2695", "CVE-2010-2962", "CVE-2011-1745", "CVE-2011-4326", "CVE-2011-4081", "CVE-2011-3191"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863647", "href": "http://plugins.openvas.org/nasl.php?oid=863647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-16346\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 14\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. 
The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070272.html\");\n script_id(863647);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-02 13:22:20 +0530 (Fri, 02 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-16346\");\n script_cve_id(\"CVE-2011-4110\", \"CVE-2011-4326\", \"CVE-2011-4132\", \"CVE-2011-4081\",\n \"CVE-2011-4077\", \"CVE-2011-1083\", \"CVE-2011-2699\", \"CVE-2011-1161\",\n \"CVE-2011-3353\", \"CVE-2011-2918\", \"CVE-2011-3188\", \"CVE-2011-2723\",\n \"CVE-2011-2928\", \"CVE-2011-3191\", \"CVE-2011-1833\", \"CVE-2011-2905\",\n \"CVE-2011-2695\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-1770\",\n \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\", \"CVE-2011-1746\",\n \"CVE-2010-4668\", \"CVE-2010-4073\", \"CVE-2010-4072\", \"CVE-2010-3880\",\n \"CVE-2010-2962\", \"CVE-2010-3698\", \"CVE-2010-2963\", \"CVE-2010-3904\");\n script_name(\"Fedora Update for kernel FEDORA-2011-16346\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.14~106.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:31:58", "description": "crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to\ncause a denial of service (NULL pointer dereference and OOPS) or possibly\nhave unspecified other impact by triggering a failed or missing\nghash_setkey function call, followed by a (1) ghash_update function call or\n(2) ghash_final function call, as demonstrated by a write operation on an\nAF_ALG socket.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/749475>\n * <https://bugs.gentoo.org/388581>\n * <https://launchpad.net/bugs/887299>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-10-29T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4081", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4081"], "modified": "2011-10-29T00:00:00", "id": "UB:CVE-2011-4081", "href": "https://ubuntu.com/security/CVE-2011-4081", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "veracode": [{"lastseen": "2022-07-27T10:32:29", "description": "kernel is vulnerable to denial of service. Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-10T01:09:28", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4081"], "modified": "2020-04-14T06:30:20", "id": "VERACODE:24930", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24930/summary", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:37:25", "description": "crypto/ghash-generic.c 
in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-05-24T23:55:00", "type": "cve", "title": "CVE-2011-4081", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4081"], "modified": "2020-07-29T15:34:00", "cpe": [], "id": "CVE-2011-4081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4081", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": []}], "ubuntu": [{"lastseen": "2023-01-26T13:38:01", "description": "## Releases\n\n * Ubuntu 11.10 \n\n## Packages\n\n * linux-ti-omap4 \\- Linux kernel for OMAP4\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. 
A local attacker could exploit this \nto cause a kernel oops.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-05T00:00:00", "type": "ubuntu", "title": "Linux (OMAP4) vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4081"], "modified": "2011-12-05T00:00:00", "id": "USN-1287-1", "href": "https://ubuntu.com/security/notices/USN-1287-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T13:37:49", "description": "## Releases\n\n * Ubuntu 11.10 \n\n## Packages\n\n * linux \\- Linux kernel\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. 
A local attacker could exploit this \nto cause a kernel oops.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-01-09T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4081"], "modified": "2012-01-09T00:00:00", "id": "USN-1322-1", "href": "https://ubuntu.com/security/notices/USN-1322-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T13:37:56", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * linux-lts-backport-natty \\- Linux kernel backport from Natty\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). 
A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. (CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (Natty backport) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4330"], "modified": "2011-12-13T00:00:00", "id": "USN-1301-1", "href": "https://ubuntu.com/security/notices/USN-1301-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:37:56", "description": "## Releases\n\n * Ubuntu 11.04 \n\n## Packages\n\n * linux \\- Linux kernel\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. 
(CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. (CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-19T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4330"], "modified": "2011-12-19T00:00:00", "id": "USN-1312-1", "href": "https://ubuntu.com/security/notices/USN-1312-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:37:59", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * 
linux-lts-backport-maverick \\- Linux kernel backport from Maverick\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in \nudp6_ufo_fragment() function. A remote attacker could use this flaw to \ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. 
(CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-08T00:00:00", "type": "ubuntu", "title": "Linux kernel (Maverick backport) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2011-12-08T00:00:00", "id": "USN-1292-1", "href": "https://ubuntu.com/security/notices/USN-1292-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:37:59", "description": "## Releases\n\n * Ubuntu 10.10 \n\n## Packages\n\n * linux \\- Linux kernel\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). 
A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in \nudp6_ufo_fragment() function. A remote attacker could use this flaw to \ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. (CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-08T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2011-12-08T00:00:00", "id": "USN-1293-1", "href": "https://ubuntu.com/security/notices/USN-1293-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:37:56", "description": "## Releases\n\n * Ubuntu 10.10 \n\n## Packages\n\n * linux-ti-omap4 \\- Linux kernel for OMAP4\n\nA bug was discovered in the XFS 
filesystem's handling of pathnames. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in \nudp6_ufo_fragment() function. A remote attacker could use this flaw to \ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. (CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", 
"CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2011-12-13T00:00:00", "id": "USN-1302-1", "href": "https://ubuntu.com/security/notices/USN-1302-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:37:55", "description": "## Releases\n\n * Ubuntu 10.10 \n\n## Packages\n\n * linux-mvl-dove \\- Linux kernel for DOVE\n\nPeter Huewe discovered an information leak in the handling of reading \nsecurity-related TPM data. A local, unprivileged user could read the \nresults of a previous TPM command. (CVE-2011-1162)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in \nudp6_ufo_fragment() function. A remote attacker could use this flaw to \ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. 
(CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (Marvell DOVE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1162", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2011-12-13T00:00:00", "id": "USN-1303-1", "href": "https://ubuntu.com/security/notices/USN-1303-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:37:56", "description": "## Releases\n\n * Ubuntu 11.04 \n\n## Packages\n\n * linux-ti-omap4 \\- Linux kernel for OMAP4\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nScot Doyle discovered that the bridge networking interface incorrectly \nhandled certain network packets. 
A remote attacker could exploit this to \ncrash the system, leading to a denial of service. (CVE-2011-4087)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in \nudp6_ufo_fragment() function. A remote attacker could use this flaw to \ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. (CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2011-12-13T00:00:00", "id": "USN-1304-1", "href": "https://ubuntu.com/security/notices/USN-1304-1", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:37:56", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * linux-ec2 \\- Linux kernel for EC2\n\nPeter Huewe discovered an information leak in the handling of reading \nsecurity-related TPM data. A local, unprivileged user could read the \nresults of a previous TPM command. (CVE-2011-1162)\n\nZheng Liu discovered a flaw in how the ext4 filesystem splits extents. A \nlocal unprivileged attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2011-3638)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in \nudp6_ufo_fragment() function. A remote attacker could use this flaw to \ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. 
(CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (EC2) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1162", "CVE-2011-3638", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2011-12-13T00:00:00", "id": "USN-1299-1", "href": "https://ubuntu.com/security/notices/USN-1299-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:37:56", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * linux \\- Linux kernel\n\nPeter Huewe discovered an information leak in the handling of reading \nsecurity-related TPM data. A local, unprivileged user could read the \nresults of a previous TPM command. (CVE-2011-1162)\n\nZheng Liu discovered a flaw in how the ext4 filesystem splits extents. A \nlocal unprivileged attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2011-3638)\n\nA bug was discovered in the XFS filesystem's handling of pathnames. 
A local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or gain root privileges. (CVE-2011-4077)\n\nNick Bowler discovered the kernel GHASH message digest algorithm \nincorrectly handled error conditions. A local attacker could exploit this \nto cause a kernel oops. (CVE-2011-4081)\n\nA flaw was found in the Journaling Block Device (JBD). A local attacker \nable to mount ext3 or ext4 file systems could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-4132)\n\nA bug was found in the way headroom check was performed in \nudp6_ufo_fragment() function. A remote attacker could use this flaw to \ncrash the system. (CVE-2011-4326)\n\nClement Lecigne discovered a bug in the HFS file system bounds checking. \nWhen a malformed HFS file system is mounted a local user could crash the \nsystem or gain root privileges. (CVE-2011-4330)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-12-19T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1162", "CVE-2011-3638", "CVE-2011-4077", "CVE-2011-4081", 
"CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2011-12-19T00:00:00", "id": "USN-1311-1", "href": "https://ubuntu.com/security/notices/USN-1311-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2022-11-01T21:39:09", "description": "**Issue Overview:**\n\nThe epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.\n\nBuffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.\n\ncrypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. 
You will need to reboot your system in order for the new kernel to be running.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 perf-2.6.35.14-103.47.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-devel-2.6.35.14-103.47.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-2.6.35.14-103.47.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-headers-2.6.35.14-103.47.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-i686-2.6.35.14-103.47.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-2.6.35.14-103.47.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 kernel-doc-2.6.35.14-103.47.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 kernel-2.6.35.14-103.47.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-debuginfo-2.6.35.14-103.47.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-2.6.35.14-103.47.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-2.6.35.14-103.47.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-2.6.35.14-103.47.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-2.6.35.14-103.47.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-2.6.35.14-103.47.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2011-1083](<https://access.redhat.com/security/cve/CVE-2011-1083>), [CVE-2011-4077](<https://access.redhat.com/security/cve/CVE-2011-4077>), [CVE-2011-4081](<https://access.redhat.com/security/cve/CVE-2011-4081>)\n\nMitre: [CVE-2011-1083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1083>), [CVE-2011-4077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077>), [CVE-2011-4081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 
3.6}, "published": "2011-11-19T01:22:00", "type": "amazon", "title": "Medium: kernel", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1083", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2014-09-14T14:50:00", "id": "ALAS-2011-022", "href": "https://alas.aws.amazon.com/ALAS-2011-22.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-01T21:36:28", "description": "**Issue Overview:**\n\nA buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. (CVE-2011-4077, Moderate)\n\nFlaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\nA flaw was found in the Linux kernel's Journaling Block Device (JBD). A local, unprivileged user could use this flaw to crash the system by mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\nIt was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. 
A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347, Moderate)\n\nTwo flaws were found in the way the Linux kernel's __sys_sendmsg() function, when invoked via the sendmmsg() system call, accessed user-space memory. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2011-4594, Moderate)\n\nA previous update introduced an integer overflow flaw in the Linux kernel. On PowerPC systems, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4611, Moderate)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A local, unprivileged user on the host could force this situation to occur, resulting in the host crashing. (CVE-2011-4622, Moderate)\n\nA flaw was found in the way the Linux kernel's XFS file system implementation handled on-disk Access Control Lists (ACLs). A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. (CVE-2012-0038, Moderate)\n\nA flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest. (CVE-2012-0045, Moderate)\n\nA divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207, Moderate)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. 
You will need to reboot your system in order for the new kernel to be running.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 kernel-devel-2.6.35.14-107.1.39.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-i686-2.6.35.14-107.1.39.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-headers-2.6.35.14-107.1.39.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-2.6.35.14-107.1.39.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-2.6.35.14-107.1.39.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-2.6.35.14-107.1.39.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 kernel-doc-2.6.35.14-107.1.39.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 kernel-2.6.35.14-107.1.39.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-2.6.35.14-107.1.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-2.6.35.14-107.1.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-2.6.35.14-107.1.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-2.6.35.14-107.1.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-2.6.35.14-107.1.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-2.6.35.14-107.1.39.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2011-4077](<https://access.redhat.com/security/cve/CVE-2011-4077>), [CVE-2011-4081](<https://access.redhat.com/security/cve/CVE-2011-4081>), [CVE-2011-4132](<https://access.redhat.com/security/cve/CVE-2011-4132>), [CVE-2011-4347](<https://access.redhat.com/security/cve/CVE-2011-4347>), [CVE-2011-4594](<https://access.redhat.com/security/cve/CVE-2011-4594>), [CVE-2011-4611](<https://access.redhat.com/security/cve/CVE-2011-4611>), [CVE-2011-4622](<https://access.redhat.com/security/cve/CVE-2011-4622>), [CVE-2012-0038](<https://access.redhat.com/security/cve/CVE-2012-0038>), [CVE-2012-0045](<https://access.redhat.com/security/cve/CVE-2012-0045>), [CVE-2012-0207](<https://access.redhat.com/security/cve/CVE-2012-0207>)\n\nMitre: [CVE-2011-4077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077>), 
[CVE-2011-4081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081>), [CVE-2011-4132](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132>), [CVE-2011-4347](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4347>), [CVE-2011-4594](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4594>), [CVE-2011-4611](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4611>), [CVE-2011-4622](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4622>), [CVE-2012-0038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0038>), [CVE-2012-0045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0045>), [CVE-2012-0207](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0207>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-03-16T10:53:00", "type": "amazon", "title": "Medium: kernel", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207"], "modified": "2014-09-14T15:42:00", "id": "ALAS-2012-055", "href": 
"https://alas.aws.amazon.com/ALAS-2012-55.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:45", "description": "Multiple vulnerabilities in file systems implementations.", "edition": 1, "cvss3": {}, "published": "2011-12-12T00:00:00", "type": "securityvulns", "title": "Linux kernel multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2011-12-12T00:00:00", "id": "SECURITYVULNS:VULN:12086", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12086", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "==========================================================================\r\nUbuntu Security Notice USN-1293-1\r\nDecember 08, 2011\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.10\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nA bug was discovered in the XFS filesystem's handling of pathnames. A local\r\nattacker could exploit this to crash the system, leading to a denial of\r\nservice, or gain root privileges. 
(CVE-2011-4077)\r\n\r\nNick Bowler discovered the kernel GHASH message digest algorithm\r\nincorrectly handled error conditions. A local attacker could exploit this\r\nto cause a kernel oops. (CVE-2011-4081)\r\n\r\nA flaw was found in the Journaling Block Device (JBD). A local attacker\r\nable to mount ext3 or ext4 file systems could exploit this to crash the\r\nsystem, leading to a denial of service. (CVE-2011-4132)\r\n\r\nA bug was found in the way headroom check was performed in\r\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\r\ncrash the system. (CVE-2011-4326)\r\n\r\nClement Lecigne discovered a bug in the HFS file system bounds checking.\r\nWhen a malformed HFS file system is mounted a local user could crash the\r\nsystem or gain root privileges. (CVE-2011-4330)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.10:\r\n linux-image-2.6.35-31-generic 2.6.35-31.63\r\n linux-image-2.6.35-31-generic-pae 2.6.35-31.63\r\n linux-image-2.6.35-31-omap 2.6.35-31.63\r\n linux-image-2.6.35-31-powerpc 2.6.35-31.63\r\n linux-image-2.6.35-31-powerpc-smp 2.6.35-31.63\r\n linux-image-2.6.35-31-powerpc64-smp 2.6.35-31.63\r\n linux-image-2.6.35-31-server 2.6.35-31.63\r\n linux-image-2.6.35-31-versatile 2.6.35-31.63\r\n linux-image-2.6.35-31-virtual 2.6.35-31.63\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1293-1\r\n CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4326,\r\n CVE-2011-4330\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.35-31.63\r\n", "edition": 1, "cvss3": {}, "published": "2011-12-12T00:00:00", "title": "[USN-1293-1] Linux kernel vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081"], "modified": "2011-12-12T00:00:00", "id": "SECURITYVULNS:DOC:27432", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27432", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:01", "description": "[2.6.32-300.11.1.el6uek]\n- [fs] xfs: Fix possible memory corruption in xfs_readlink (Carlos Maiolino) {CVE-2011-4077}\n- [scsi] increase qla2xxx firmware ready time-out (Joe Jin)\n- [scsi] qla2xxx: Module parameter to control use of async or sync port login (Joe Jin)\n- [net] tg3: Fix single-vector MSI-X code (Joe Jin)\n- [net] qlge: fix size of external list for TX address descriptors (Joe Jin)\n- [net] e1000e: Avoid wrong check on TX hang (Joe Jin)\n- crypto: ghash - Avoid null pointer dereference if no key is set (Nick Bowler) {CVE-2011-4081}\n- jbd/jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) {CVE-2011-4132}\n- KVM: Device assignment permission checks (Joe Jin) {CVE-2011-4347}\n- KVM: x86: Prevent starting PIT timers in the absence of irqchip support (Jan Kiszka) {CVE-2011-4622}\n- xfs: validate acl count (Joe Jin) {CVE-2012-0038}\n- KVM: x86: fix missing checks in syscall emulation (Joe Jin) {CVE-2012-0045}\n- KVM: x86: extend 'struct x86_emulate_ops' with 'get_cpuid' (Joe Jin) {CVE-2012-0045}\n- igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Ben Hutchings) {CVE-2012-0207}\n- ipv4: correct IGMP behavior on v3 query during v2-compatibility 
mode (David Stevens)\n- fuse: fix fuse request unique id (Srinivas Eeda) [orabug 13816349]\n[2.6.32-300.10.1.el6uek]\n- net: remove extra register in ip_gre (Guru Anbalagane) [Orabug: 13633287]\n[2.6.32-300.9.1.el6uek]\n- [netdrv] fnic: return zero on fnic_reset() success (Joe Jin)\n- [e1000e] Add entropy generation back for network interrupts (John Sobecki)\n- [nfs4] LINUX CLIENT TREATS NFS4ERR_GRACE AS A PERMANENT ERROR [orabug 13476821] (John Sobecki)\n- [nfs] NFS CLIENT CONNECTS TO SERVER THEN DISCONNECTS [orabug 13516759] (John Sobecki)\n- [sunrpc] Add patch for a mount crash in __rpc_create_common [orabug 13322773] (John Sobecki)\n[2.6.32-300.8.1.el6uek]\n- SPEC: fix dependency on firmware/mkinitrd (Guru Anbalagane) [orabug 13637902]\n- xfs: fix acl count validation in xfs_acl_from_disk() (Dan Carpenter)\n- [SCSI] scsi_dh: check queuedata pointer before proceeding further (Moger Babu)\n [orabug 13615419]", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4132", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2012-03-07T00:00:00", "id": "ELSA-2012-2003", "href": "http://linux.oracle.com/errata/ELSA-2012-2003.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:23", "description": "[2.6.32-220.7.1.el6]\n- [netdrv] tg3: Fix single-vector MSI-X code (John Feeney) [787162 703555]\n- [mm] export remove_from_page_cache() to modules (Jerome Marchand) [772687 751419]\n- [block] cfq-iosched: fix cfq_cic_link() race confition (Vivek Goyal) [786022 765673]\n- [fs] cifs: lower default wsize when unix extensions are not used (Jeff Layton) [789058 773705]\n- [net] svcrpc: fix double-free on shutdown of nfsd after changing pool mode (J. 
Bruce Fields) [787580 753030]\n- [net] svcrpc: avoid memory-corruption on pool shutdown (J. Bruce Fields) [787580 753030]\n- [net] svcrpc: destroy server sockets all at once (J. Bruce Fields) [787580 753030]\n- [net] svcrpc: simplify svc_close_all (J. Bruce Fields) [787580 753030]\n- [net] svcrpc: fix list-corrupting race on nfsd shutdown (J. Bruce Fields) [787580 753030]\n- [fs] xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() (Carlos Maiolino) [749161 694702] {CVE-2011-4077}\n- [fs] xfs: Fix memory corruption in xfs_readlink (Carlos Maiolino) [749161 694702] {CVE-2011-4077}\n- [x86] hpet: Disable per-cpu hpet timer if ARAT is supported (Prarit Bhargava) [772884 750201]\n- [x86] Improve TSC calibration using a delayed workqueue (Prarit Bhargava) [772884 750201]\n- [kernel] clocksource: Add clocksource_register_hz/khz interface (Prarit Bhargava) [772884 750201]\n- [kernel] clocksource: Provide a generic mult/shift factor calculation (Prarit Bhargava) [772884 750201]\n- [block] cfq-iosched: fix a kbuild regression (Vivek Goyal) [769208 705698]\n- [block] cfq-iosched: rethink seeky detection for SSDs (Vivek Goyal) [769208 705698]\n- [block] cfq-iosched: rework seeky detection (Vivek Goyal) [769208 705698]\n- [block] cfq-iosched: don't regard requests with long distance as close (Vivek Goyal) [769208 705698]\n[2.6.32-220.6.1.el6]\n- [scsi] qla2xxx: Module parameter to control use of async or sync port login (Chad Dupuis) [788003 769007]\n[2.6.32-220.5.1.el6]\n- [net] igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Jiri Pirko) [772870 772871] {CVE-2012-0207}\n- [fs] xfs: validate acl count (Eric Sandeen) [773282 773283] {CVE-2012-0038}\n- [fs] Fix sendfile write-side file position (Steven Whitehouse) [771870 770023]\n- [virt] kvm: x86: fix missing checks in syscall emulation (Marcelo Tosatti) [773390 773391] {CVE-2012-0045}\n- [virt] kvm: x86: extend 'struct x86_emulate_ops' with 'get_cpuid' (Marcelo Tosatti) [773390 773391] 
{CVE-2012-0045}\n- [fs] nfs: when attempting to open a directory, fall back on normal lookup (Jeff Layton) [771981 755380]\n- [kernel] crypto: ghash - Avoid null pointer dereference if no key is set (Jiri Benc) [749481 749482] {CVE-2011-4081}\n- [fs] jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) [753344 693981] {CVE-2011-4132}\n- [net] fix unsafe pointer access in sendmmsg (Jiri Benc) [761668 760798] {CVE-2011-4594}\n- [scsi] increase qla2xxx firmware ready time-out (Mark Goodwin) [781971 731917]\n- [perf] powerpc: Handle events that raise an exception without overflowing (Steve Best) [767917 755737] {CVE-2011-4611}\n- [sched] x86: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [781974 765720]\n- [virt] x86: Prevent starting PIT timers in the absence of irqchip support (Marcelo Tosatti) [769634 769550] {CVE-2011-4622}\n- [virt] vmxnet3: revert hw features change (Neil Horman) [761536 759613]\n- [netdrv] qlge: fix size of external list for TX address descriptors (Steve Best) [783226 772237]\n- [netdrv] e1000e: Avoid wrong check on TX hang (Dean Nelson) [768916 751087]\n- [virt] KVM: Device assignment permission checks (Alex Williamson) [756092 756093] {CVE-2011-4347}\n- [virt] KVM: Remove ability to assign a device without iommu support (Alex Williamson) [756092 756093] {CVE-2011-4347}\n- [virt] kvm: device-assignment: revert Disable the option to skip iommu setup (Alex Williamson) [756092 756093] {CVE-2011-4347}", "cvss3": {}, "published": "2012-03-06T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4594", "CVE-2011-4132", "CVE-2011-4611", "CVE-2012-0207", "CVE-2011-4077", "CVE-2011-4347", "CVE-2011-4622", "CVE-2011-4081", "CVE-2012-0045", "CVE-2012-0038"], "modified": "2012-03-06T00:00:00", "id": "ELSA-2012-0350", "href": "http://linux.oracle.com/errata/ELSA-2012-0350.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], 
"suse": [{"lastseen": "2016-09-04T11:56:25", "description": "The SUSE Linux Enterprise 11 SP1 kernel was updated to\n 2.6.32.54, fixing lots of bugs and security issues.\n\n The following security issues have been fixed:\n\n * CVE-2011-4127: A potential hypervisor escape by\n issuing SG_IO commands to partitiondevices was fixed by\n restricting access to these commands.\n * CVE-2011-4110: KEYS: Fix a NULL pointer deref in the\n user-defined key type, which allowed local attackers to\n Oops the kernel.\n * CVE-2011-4081: Avoid potential NULL pointer deref in\n ghash, which allowed local attackers to Oops the kernel.\n * CVE-2011-4077: Fixed a memory corruption possibility\n in xfs readlink, which could be used by local attackers to\n crash the system or potentially execute code by mounting a\n prepared xfs filesystem image.\n * CVE-2012-0038: A overflow in the xfs acl handling was\n fixed that could be used by local attackers to crash the\n system or potentially execute code by mounting a prepared\n xfs filesystem image.\n * CVE-2011-4132: A flaw in the ext3/ext4 filesystem\n allowed a local attacker to crash the kernel by getting a\n prepared ext3/ext4 filesystem mounted.\n * CVE-2011-2494: Access to the taskstats /proc file was\n restricted to avoid local attackers gaining knowledge of IO\n of other users (and so effecting side-channel attacks for\n e.g. guessing passwords by typing speed).\n * CVE-2010-3873: When using X.25 communication a\n malicious sender could corrupt data structures, causing\n crashes or potential code execution. Please note that X.25\n needs to be setup to make this effective, which these days\n is usually not the case.\n * CVE-2010-4164: When using X.25 communication a\n malicious sender could make the machine leak memory,\n causing crashes. 
Please note that X.25 needs to be setup to\n make this effective, which these days is usually not the\n case.\n * CVE-2011-2699: A remote denial of service due to a\n NULL pointer dereference by using IPv6 fragments was fixed.\n\n The following non-security issues have been fixed:\n\n * elousb: Fixed bug in USB core API usage, code cleanup\n (bnc#733863).\n * cifs: overhaul cifs_revalidate and rename to\n cifs_revalidate_dentry (bnc#735453).\n * cifs: set server_eof in cifs_fattr_to_inode\n (bnc#735453).\n * xfs: Fix missing xfs_iunlock() on error recovery path\n in xfs_readlink() (bnc#726600).\n * block: add and use scsi_blk_cmd_ioctl (bnc#738400\n CVE-2011-4127).\n * block: fail SCSI passthrough ioctls on partition\n devices (bnc#738400 CVE-2011-4127).\n * dm: do not forward ioctls from logical volumes to the\n underlying device (bnc#738400 CVE-2011-4127).\n * Silence some warnings about ioctls on partitions.\n * netxen: Remove all references to unified firmware\n file (bnc#708625).\n * bonding: send out gratuitous arps even with no\n address configured (bnc#742270).\n * patches.fixes/ocfs2-serialize_unaligned_aio.patch:\n ocfs2: serialize unaligned aio (bnc#671479).\n *\n patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.\n patch: Update references (bnc#729854, bnc#731004).\n * xfs: Fix wait calculations on lock acquisition and\n use milliseconds instead of jiffies to print the wait time.\n * ipmi: reduce polling when interrupts are available\n (bnc#740867).\n * ipmi: reduce polling (bnc#740867).\n * Linux 2.6.32.54.\n * export shrink_dcache_for_umount_subtree.\n * patches.suse/stack-unwind: Fix more 2.6.29 merge\n problems plus a glue code problem (bnc#736018).\n * PM / Sleep: Fix race between CPU hotplug and freezer\n (bnc#740535).\n * jbd: Issue cache flush after checkpointing\n (bnc#731770).\n * lpfc: make sure job exists when processing BSG\n (bnc#735635).\n * Linux 2.6.32.53.\n * blktap: fix locking (again) (bnc#724734).\n * xen: Update Xen 
patches to 2.6.32.52.\n * Linux 2.6.32.52.\n * Linux 2.6.32.51.\n * Linux 2.6.32.50.\n * reiserfs: Lock buffers unconditionally in\n reiserfs_write_full_page() (bnc#716023).\n * writeback: Include all dirty inodes in background\n writeback (bnc#716023).\n * reiserfs: Fix quota mount option parsing (bnc#728626).\n * bonding: check if clients MAC addr has changed\n (bnc#729854).\n * rpc client can not deal with ENOSOCK, so translate it\n into ENOCONN (bnc#733146).\n * st: modify tape driver to allow writing immediate\n filemarks (bnc#688996).\n * xfs: fix for xfssyncd failure to wake (bnc#722910).\n * ipmi: Fix deadlock in start_next_msg().\n * net: bind() fix error return on wrong address family\n (bnc#735216).\n * net: ipv4: relax AF_INET check in bind() (bnc#735216).\n * net/ipv6: check for mistakenly passed in non-AF_INET6\n sockaddrs (bnc#735216).\n * Bluetooth: Fixed Atheros AR3012 Maryann PID/VID\n supported (bnc#732296).\n * percpu: fix chunk range calculation (bnc#668872).\n * x86, UV: Fix kdump reboot (bnc#735446).\n * dm: Use done_bytes for io_completion (bnc#711378).\n * Bluetooth: Add Atheros AR3012 Maryann PID/VID\n supported. (bnc#732296)\n * Bluetooth: Add Atheros AR3012 one PID/VID supported.\n (bnc#732296)\n * fix missing hunk in oplock break patch (bnc#706973).\n * patches.arch/s390-34-01-pfault-cpu-hotplug.patch:\n Refresh. 
Surrounded s390x lowcore change with __GENKSYMS__\n (bnc#728339)\n * patches.xen/xen3-patch-2.6.30: Refresh.\n * sched, x86: Avoid unnecessary overflow in sched_clock\n (bnc#725709).\n * ACPI thermal: Do not invalidate thermal zone if\n critical trip point is bad.\n", "cvss3": {}, "published": "2012-02-06T23:08:27", "type": "suse", "title": "Security update for Linux kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4110", "CVE-2011-4127", "CVE-2011-2699", "CVE-2011-4132", "CVE-2011-2494", "CVE-2011-4077", "CVE-2010-4164", "CVE-2010-3873", "CVE-2011-4081", "CVE-2012-0038"], "modified": "2012-02-06T23:08:27", "id": "SUSE-SU-2012:0153-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00001.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:20", "description": "The SUSE Linux Enterprise 11 SP1 kernel has been updated to\n 2.6.32.54, fixing numerous bugs and security issues.\n\n The following security issues have been fixed:\n\n * A potential hypervisor escape by issuing SG_IO\n commands to partitiondevices was fixed by restricting\n access to these commands. ( CVE-2011-4127\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4127\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4127</a>\n > )\n * KEYS: Fix a NULL pointer deref in the user-defined\n key type, which allowed local attackers to Oops the kernel.\n (CVE-2011-4110\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110</a>\n > )\n * Avoid potential NULL pointer deref in ghash, which\n allowed local attackers to Oops the kernel. 
(CVE-2011-4081\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081</a>\n > )\n * Fixed a memory corruption possibility in xfs\n readlink, which could be used by local attackers to crash\n the system or potentially execute code by mounting a\n prepared xfs filesystem image. (CVE-2011-4077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077</a>\n > )\n * An overflow in the xfs acl handling was fixed that\n could be used by local attackers to crash the system or\n potentially execute code by mounting a prepared xfs\n filesystem image. (CVE-2012-0038\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0038\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0038</a>\n > )\n * A flaw in the ext3/ext4 filesystem allowed a local\n attacker to crash the kernel by getting a prepared\n ext3/ext4 filesystem mounted. ( CVE-2011-4132\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132</a>\n > )\n * Access to the taskstats /proc file was restricted to\n avoid local attackers gaining knowledge of IO of other\n users (and so effecting side-channel attacks for e.g.\n guessing passwords by typing speed). ( CVE-2011-2494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494</a>\n > )\n * When using X.25 communication a malicious sender\n could corrupt data structures, causing crashes or potential\n code execution. Please note that X.25 needs to be setup to\n make this effective, which these days is usually not the\n case. 
(CVE-2010-3873\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3873\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3873</a>\n > )\n * When using X.25 communication a malicious sender\n could make the machine leak memory, causing crashes. Please\n note that X.25 needs to be setup to make this effective,\n which these days is usually not the case. (CVE-2010-4164\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164</a>\n > )\n * A remote denial of service due to a NULL pointer\n dereference by using IPv6 fragments was fixed.\n (CVE-2011-2699\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699</a>\n > )\n\n The following non-security issues have been fixed (excerpt\n from changelog):\n\n * elousb: Fixed bug in USB core API usage, code cleanup.\n * cifs: overhaul cifs_revalidate and rename to\n cifs_revalidate_dentry.\n * cifs: set server_eof in cifs_fattr_to_inode.\n * xfs: Fix missing xfs_iunlock() on error recovery path\n in xfs_readlink().\n * Silence some warnings about ioctls on partitions.\n * netxen: Remove all references to unified firmware\n file.\n * bonding: send out gratuitous arps even with no\n address configured.\n * patches.fixes/ocfs2-serialize_unaligned_aio.patch:\n ocfs2: serialize unaligned aio.\n *\n patches.fixes/bonding-check-if-clients-MAC-addr-has-changed.\n patch: Update references.\n * xfs: Fix wait calculations on lock acquisition and\n use milliseconds instead of jiffies to print the wait time.\n * ipmi: reduce polling when interrupts are available.\n * ipmi: reduce polling.\n * export shrink_dcache_for_umount_subtree.\n * patches.suse/stack-unwind: Fix more 2.6.29 merge\n problems plus a glue code problem.\n * PM / Sleep: Fix race between CPU hotplug and freezer.\n * jbd: Issue cache flush after 
checkpointing.\n * lpfc: make sure job exists when processing BSG.\n * blktap: fix locking (again).\n * xen: Update Xen patches to 2.6.32.52.\n * reiserfs: Lock buffers unconditionally in\n reiserfs_write_full_page().\n * writeback: Include all dirty inodes in background\n writeback.\n * reiserfs: Fix quota mount option parsing.\n * bonding: check if clients MAC addr has changed.\n * rpc client can not deal with ENOSOCK, so translate it\n into ENOCONN.\n * st: modify tape driver to allow writing immediate\n filemarks.\n * xfs: fix for xfssyncd failure to wake.\n * ipmi: Fix deadlock in start_next_msg().\n * net: bind() fix error return on wrong address family.\n * net: ipv4: relax AF_INET check in bind().\n * net/ipv6: check for mistakenly passed in non-AF_INET6\n sockaddrs.\n * Bluetooth: Fixed Atheros AR3012 Maryann PID/VID\n supported.\n * percpu: fix chunk range calculation.\n * x86, UV: Fix kdump reboot.\n * dm: Use done_bytes for io_completion.\n * Bluetooth: Add Atheros AR3012 Maryann PID/VID\n supported.\n * Bluetooth: Add Atheros AR3012 one PID/VID supported.\n * fix missing hunk in oplock break patch.\n * patches.arch/s390-34-01-pfault-cpu-hotplug.patch:\n Refresh.\n * Surrounded s390x lowcore change with __GENKSYMS__\n * patches.xen/xen3-patch-2.6.30: Refresh.\n * sched, x86: Avoid unnecessary overflow in sched_clock.\n * ACPI thermal: Do not invalidate thermal zone if\n critical trip point is bad.\n", "cvss3": {}, "published": "2012-02-06T15:08:23", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4110", "CVE-2011-4127", "CVE-2011-2699", "CVE-2011-4132", "CVE-2011-2494", "CVE-2011-4077", "CVE-2010-4164", "CVE-2010-3873", "CVE-2011-4081", "CVE-2012-0038"], "modified": "2012-02-06T15:08:23", "id": "SUSE-SU-2012:0153-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00000.html", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:39", "description": "The SUSE Linux Enterprise Server 11 SP1 Realtime kernel was\n updated to 2.6.33.20 to fix various bugs and security\n issues.\n\n The following security issues have been fixed:\n\n * CVE-2011-4110: KEYS: Fix a NULL pointer deref in the\n user-defined key type, which allowed local attackers to\n Oops the kernel.\n * CVE-2011-4081: Avoid potential NULL pointer deref in\n ghash, which allowed local attackers to Oops the kernel.\n * CVE-2010-3873: When using X.25 communication a\n malicious sender could corrupt data structures, causing\n crashes or potential code execution. Please note that X.25\n needs to be setup to make this effective, which these days\n is usually not the case.\n * CVE-2011-2203: A NULL ptr dereference on mounting\n corrupt hfs filesystems was fixed which could be used by\n local attackers to crash the kernel.\n * CVE-2011-3191: A malicious CIFS server could cause a\n integer overflow on the local machine on directory index\n operations, in turn causing memory corruption.\n * CVE-2011-3353: In the fuse filesystem,\n FUSE_NOTIFY_INVAL_ENTRY did not check the length of the\n write so the message processing could overrun and result in\n a BUG_ON() in fuse_copy_fill(). This flaw could be used by\n local users able to mount FUSE filesystems to crash the\n system.\n * CVE-2011-4326: A bug was found in the way headroom\n check was performed in udp6_ufo_fragment() function. 
A\n remote attacker could use this flaw to crash the system.\n * CVE-2011-1576: The Generic Receive Offload (GRO)\n implementation in the Linux kernel allowed remote attackers\n to cause a denial of service via crafted VLAN packets that\n are processed by the napi_reuse_skb function, leading to\n (1) a memory leak or (2) memory corruption, a different\n vulnerability than CVE-2011-1478.\n * CVE-2011-1833: Added a kernel option to ensure\n ecryptfs is mounting only on paths belonging to the current\n uid, which would have allowed local attackers to potentially\n gain privileges via symlink attacks.\n * CVE-2011-2918: In the perf framework software event\n overflows could deadlock or delete an uninitialized timer.\n\n Included in Linux 2.6.32.19 stable update:\n\n * CVE-2011-2928: The befs_follow_link function in\n fs/befs/linuxvfs.c in the Linux kernel did not validate the\n length attribute of long symlinks, which allowed local\n users to cause a denial of service (incorrect pointer\n dereference and OOPS) by accessing a long symlink on a\n malformed Be filesystem.\n * CVE-2011-3353: In the fuse filesystem,\n FUSE_NOTIFY_INVAL_ENTRY did not check the length of the\n write so the message processing could overrun and result in\n a BUG_ON() in fuse_copy_fill(). This flaw could be used by\n local users able to mount FUSE filesystems to crash the\n system.\n * CVE-2011-1577: The Linux kernel automatically\n evaluated partition tables of storage devices. The code for\n evaluating EFI GUID partitions (in fs/partitions/efi.c)\n contained a bug that causes a kernel oops on certain\n corrupted GUID partition tables, which might be used by\n local attackers to crash the kernel or potentially execute\n code.\n\n The following non security bugs have been fixed:\n\n * Fix DL980G7 numa enumeration problem. 
HP bios SRAT\n table contains more entries (256) than SLERT NR_CPUS (128).\n Pull in mainline fixes to always parse the entire table,\n regardless of configured NR_CPUS.\n * x86, acpi: Parse all SRAT cpu entries even above the\n cpu number limitation (bnc#745881).\n * x86, ia64, acpi: Clean up x86-ism in\n drivers/acpi/numa.c (bnc#745881).\n * rt, timerfd: fix timerfd_settime() livelock.\n * Fix build failure on 12.1 systems.\n CONFIG_BUILD_DOCSRC builds Documentation/video4linux but\n without reference to local includes, thus build only\n succeeds on older SUSE releases where linux-glibc-devel\n provides (obsolete) videodev.h. Add upstream patch which\n drops support for v4lgrab.c which is safe as sample\n executable is not packaged in any released rpm.\n * Add missing references symset for the rt flavor\n (bnc#722406#c69).\n * Pick up SP1 82576 ET2 Quad Port driver addon. Pick up\n I350 as well, since it's just recognition of a follow-on\n part for 82580.\n * igb: Add support for 82576 ET2 Quad Port Server\n Adapter (bnc#591293, bnc#722406).\n * igb: add support for Intel I350 Gigabit Network\n Connection (bnc#590980).\n * Fix regression introduced by backport of mainline\n commit 43fa5460\n * sched/rt: Migrate equal priority tasks to available\n CPUs.\n * sched: fix broken SCHED_RESET_ON_FORK handling\n (bnc#708877).\n * sched: Fix rt_rq runtime leakage bug (bnc#707096).\n", "cvss3": {}, "published": "2012-03-14T00:08:32", "type": "suse", "title": "Security update for Real Time Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-4110", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-1833", "CVE-2011-3353", "CVE-2011-2203", "CVE-2010-3873", "CVE-2011-4326", "CVE-2011-4081", "CVE-2011-3191", "CVE-2011-1577"], "modified": "2012-03-14T00:08:32", "id": "SUSE-SU-2012:0364-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00011.html", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:33", "description": "The openSUSE 11.3 kernel was updated to fix various bugs\n and security issues.\n\n Following security issues have been fixed: CVE-2011-4604:\n If root does read() on a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function\n in the Linux kernels packet scheduler API implementation to\n be called on built-in qdisc structures. A local,\n unprivileged user could have used this flaw to trigger a\n NULL pointer dereference, resulting in a denial of service.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-1576: The Generic Receive Offload (GRO)\n implementation in the Linux kernel allowed remote attackers\n to cause a denial of service via crafted VLAN packets that\n are processed by the napi_reuse_skb function, leading to\n (1) a memory leak or (2) memory corruption, a different\n vulnerability than CVE-2011-1478.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n 
terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n to read kernel memory.\n\n CVE-2011-2203: A NULL ptr dereference on mounting corrupt\n hfs filesystems was fixed which could be used by local\n attackers to crash the kernel.\n\n CVE-2011-4081: Using the crypto interface a local user\n could Oops the kernel by writing to an AF_ALG socket.\n\n", "cvss3": {}, "published": "2012-02-09T19:09:19", "type": "suse", "title": "kernel: security and bugfix update. 
(important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-2525"], "modified": "2012-02-09T19:09:19", "id": "OPENSUSE-SU-2012:0206-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00004.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:30:36", "description": "The openSUSE 11.4 kernel was updated to fix bugs and\n security issues.\n\n Following security issues have been fixed: CVE-2011-4604:\n If root does read() on a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-1173: A kernel information leak via ip6_tables was\n fixed.\n\n CVE-2011-1172: A kernel information leak via ip6_tables\n netfilter was fixed.\n\n CVE-2011-1171: A kernel information leak via ip_tables was\n fixed.\n\n CVE-2011-1170: A kernel information leak via arp_tables was\n fixed.\n\n CVE-2011-1080: A kernel information leak via netfilter was\n fixed.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in 
net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n to read kernel memory.\n\n CVE-2011-4087: A local denial of service when using bridged\n networking via a flood ping was fixed.\n\n CVE-2011-2203: A NULL ptr dereference on mounting corrupt\n hfs filesystems was fixed which could be used by local\n attackers to crash the kernel.\n\n CVE-2011-4081: Using the crypto interface a local user\n could Oops the kernel by writing to an AF_ALG socket.\n\n", "cvss3": {}, "published": "2012-02-09T19:10:55", "type": "suse", "title": "kernel: security and bugfix update. 
(important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-4087", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-1080"], "modified": "2012-02-09T19:10:55", "id": "OPENSUSE-SU-2012:0236-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00010.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2023-01-01T04:46:14", "description": "**CentOS Errata and Security Advisory** CESA-2012:0350\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A buffer overflow flaw was found in the way the Linux kernel's XFS file\nsystem implementation handled links with overly long path names. A local,\nunprivileged user could use this flaw to cause a denial of service or\nescalate their privileges by mounting a specially-crafted disk.\n(CVE-2011-4077, Moderate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n* A flaw was found in the Linux kernel's Journaling Block Device (JBD). A\nlocal, unprivileged user could use this flaw to crash the system by\nmounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\n* It was found that the kvm_vm_ioctl_assign_device() function in the KVM\n(Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if\nthe user requesting device assignment was privileged or not. 
A local,\nunprivileged user on the host could assign unused PCI devices, or even\ndevices that were in use and whose resources were not properly claimed by\nthe respective drivers, which could result in the host crashing.\n(CVE-2011-4347, Moderate)\n\n* Two flaws were found in the way the Linux kernel's __sys_sendmsg()\nfunction, when invoked via the sendmmsg() system call, accessed user-space\nmemory. A local, unprivileged user could use these flaws to cause a denial\nof service. (CVE-2011-4594, Moderate)\n\n* The RHSA-2011:1530 kernel update introduced an integer overflow flaw in\nthe Linux kernel. On PowerPC systems, a local, unprivileged user could use\nthis flaw to cause a denial of service. (CVE-2011-4611, Moderate)\n\n* A flaw was found in the way the KVM subsystem of a Linux kernel handled\nPIT (Programmable Interval Timer) IRQs (interrupt requests) when there was\nno virtual interrupt controller set up. A local, unprivileged user on the\nhost could force this situation to occur, resulting in the host crashing.\n(CVE-2011-4622, Moderate)\n\n* A flaw was found in the way the Linux kernel's XFS file system\nimplementation handled on-disk Access Control Lists (ACLs). A local,\nunprivileged user could use this flaw to cause a denial of service or\nescalate their privileges by mounting a specially-crafted disk.\n(CVE-2012-0038, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM hypervisor\nimplementation emulated the syscall instruction for 32-bit guests. An\nunprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045, Moderate)\n\n* A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. 
(CVE-2012-0207, Moderate)\n\nRed Hat would like to thank Nick Bowler for reporting CVE-2011-4081; Sasha\nLevin for reporting CVE-2011-4347; Tetsuo Handa for reporting\nCVE-2011-4594; Maynard Johnson for reporting CVE-2011-4611; Wang Xi for\nreporting CVE-2012-0038; Stephan B\u00e4rwolf for reporting CVE-2012-0045; and\nSimon McVittie for reporting CVE-2012-0207. Upstream acknowledges Mathieu\nDesnoyers as the original reporter of CVE-2011-4594.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-March/067943.html\n\n**Affected packages:**\nkernel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0350", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2012-03-07T18:09:51", "type": "centos", "title": "kernel, perf, python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207"], "modified": "2012-03-07T18:09:51", "id": "CESA-2012:0350", "href": "https://lists.centos.org/pipermail/centos-announce/2012-March/067943.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:44:56", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A buffer overflow flaw was found in the way the Linux kernel's XFS file\nsystem implementation handled links with overly long path names. A local,\nunprivileged user could use this flaw to cause a denial of service or\nescalate their privileges by mounting a specially-crafted disk.\n(CVE-2011-4077, Moderate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n* A flaw was found in the Linux kernel's Journaling Block Device (JBD). A\nlocal, unprivileged user could use this flaw to crash the system by\nmounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)\n\n* It was found that the kvm_vm_ioctl_assign_device() function in the KVM\n(Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if\nthe user requesting device assignment was privileged or not. 
A local,\nunprivileged user on the host could assign unused PCI devices, or even\ndevices that were in use and whose resources were not properly claimed by\nthe respective drivers, which could result in the host crashing.\n(CVE-2011-4347, Moderate)\n\n* Two flaws were found in the way the Linux kernel's __sys_sendmsg()\nfunction, when invoked via the sendmmsg() system call, accessed user-space\nmemory. A local, unprivileged user could use these flaws to cause a denial\nof service. (CVE-2011-4594, Moderate)\n\n* The RHSA-2011:1530 kernel update introduced an integer overflow flaw in\nthe Linux kernel. On PowerPC systems, a local, unprivileged user could use\nthis flaw to cause a denial of service. (CVE-2011-4611, Moderate)\n\n* A flaw was found in the way the KVM subsystem of a Linux kernel handled\nPIT (Programmable Interval Timer) IRQs (interrupt requests) when there was\nno virtual interrupt controller set up. A local, unprivileged user on the\nhost could force this situation to occur, resulting in the host crashing.\n(CVE-2011-4622, Moderate)\n\n* A flaw was found in the way the Linux kernel's XFS file system\nimplementation handled on-disk Access Control Lists (ACLs). A local,\nunprivileged user could use this flaw to cause a denial of service or\nescalate their privileges by mounting a specially-crafted disk.\n(CVE-2012-0038, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM hypervisor\nimplementation emulated the syscall instruction for 32-bit guests. An\nunprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045, Moderate)\n\n* A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. 
(CVE-2012-0207, Moderate)\n\nRed Hat would like to thank Nick Bowler for reporting CVE-2011-4081; Sasha\nLevin for reporting CVE-2011-4347; Tetsuo Handa for reporting\nCVE-2011-4594; Maynard Johnson for reporting CVE-2011-4611; Wang Xi for\nreporting CVE-2012-0038; Stephan B\u00e4rwolf for reporting CVE-2012-0045; and\nSimon McVittie for reporting CVE-2012-0207. Upstream acknowledges Mathieu\nDesnoyers as the original reporter of CVE-2011-4594.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2012-03-06T00:00:00", "type": "redhat", "title": "(RHSA-2012:0350) Moderate: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", 
"CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207"], "modified": "2018-06-06T16:24:07", "id": "RHSA-2012:0350", "href": "https://access.redhat.com/errata/RHSA-2012:0350", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:36:29", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way the Linux kernel's KVM hypervisor\nimplementation emulated the syscall instruction for 32-bit guests. An\nunprivileged guest user could trigger this flaw to crash the guest.\n(CVE-2012-0045)\n\nA divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nRed Hat would like to thank Stephan B\u00e4rwolf for reporting CVE-2012-0045,\nand Simon McVittie for reporting CVE-2012-0207.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. 
The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4347, CVE-2011-4594,\nCVE-2011-4611, CVE-2011-4622 and CVE-2012-0038 (kernel issues)\n\nCVE-2012-0444 (libvorbis issue)\n\nCVE-2012-0841 (libxml2 issue)\n\nThis update also fixes the following bug:\n\n* The rhev-hypervisor5 and rhev-hypervisor6 packages sometimes updated the\nsymbolic links in the /usr/share/rhev-hypervisor/ directory with incorrect\ntargets. The packages have been updated, they now always update the\nsymbolic links with the correct targets. (BZ#784706)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2012-03-26T00:00:00", "type": "redhat", "title": "(RHSA-2012:0422) Moderate: rhev-hypervisor6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4347", "CVE-2011-4594", "CVE-2011-4611", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0045", "CVE-2012-0207", 
"CVE-2012-0444", "CVE-2012-0841"], "modified": "2018-06-07T04:59:39", "id": "RHSA-2012:0422", "href": "https://access.redhat.com/errata/RHSA-2012:0422", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:37:43", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A malicious CIFS (Common Internet File System) server could send a\nspecially-crafted response to a directory read request that would result in\na denial of service or privilege escalation on a system that has a CIFS\nshare mounted. (CVE-2011-3191, Important)\n\n* The way fragmented IPv6 UDP datagrams over the bridge with UDP\nFragmentation Offload (UFO) functionality on were handled could allow a\nremote attacker to cause a denial of service. (CVE-2011-4326, Important)\n\n* GRO (Generic Receive Offload) fields could be left in an inconsistent\nstate. An attacker on the local network could use this flaw to cause a\ndenial of service. GRO is enabled by default in all network drivers that\nsupport it. (CVE-2011-2723, Moderate)\n\n* IPv4 and IPv6 protocol sequence number and fragment ID generation could\nallow a man-in-the-middle attacker to inject packets and possibly hijack\nconnections. Protocol sequence numbers and fragment IDs are now more\nrandom. (CVE-2011-3188, Moderate)\n\n* A flaw in the FUSE (Filesystem in Userspace) implementation could allow\na local user in the fuse group who has access to mount a FUSE file system\nto cause a denial of service. (CVE-2011-3353, Moderate)\n\n* A flaw in the b43 driver. If a system had an active wireless interface\nthat uses the b43 driver, an attacker able to send a specially-crafted\nframe to that interface could cause a denial of service. 
(CVE-2011-3359,\nModerate)\n\n* A flaw in the way CIFS shares with DFS referrals at their root were\nhandled could allow an attacker on the local network, who is able to deploy\na malicious CIFS server, to create a CIFS network share that, when mounted,\nwould cause the client system to crash. (CVE-2011-3363, Moderate)\n\n* A flaw in the m_stop() implementation could allow a local, unprivileged\nuser to trigger a denial of service. (CVE-2011-3637, Moderate)\n\n* Flaws in ghash_update() and ghash_final() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)\n\n* A flaw in the key management facility could allow a local, unprivileged\nuser to cause a denial of service via the keyctl utility. (CVE-2011-4110,\nModerate)\n\n* A flaw in the Journaling Block Device (JBD) could allow a local attacker\nto crash the system by mounting a specially-crafted ext3 or ext4 disk.\n(CVE-2011-4132, Moderate)\n\n* A flaw in the way memory containing security-related data was handled in\ntpm_read() could allow a local, unprivileged user to read the results of a\npreviously run TPM command. (CVE-2011-1162, Low)\n\n* I/O statistics from the taskstats subsystem could be read without any\nrestrictions, which could allow a local, unprivileged user to gather\nconfidential information, such as the length of a password used in a\nprocess. (CVE-2011-2494, Low)\n\n* Flaws in tpacket_rcv() and packet_recvmsg() could allow a local,\nunprivileged user to leak information to user-space. 
(CVE-2011-2898, Low)\n\nRed Hat would like to thank Darren Lavender for reporting CVE-2011-3191;\nBrent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting\nCVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for\nreporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and\nVasiliy Kulikov of Openwall for reporting CVE-2011-2494.\n\nThis update also fixes the following bugs:\n\n* Previously, a mismatch in the build-id of the kernel-rt and the one in\nthe related debuginfo package caused failures in SystemTap and perf.\n(BZ#768413)\n\n* IBM x3650m3 systems were not able to boot the MRG Realtime kernel because\nthey require a pmcraid driver that was not available. The pmcraid driver is\nincluded in this update. (BZ#753992)\n\nUsers should upgrade to these updated packages, which correct these issues.\nThe system must be rebooted for this update to take effect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2012-01-10T00:00:00", "type": "redhat", "title": "(RHSA-2012:0010) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2011-1162", "CVE-2011-2494", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3359", "CVE-2011-3363", "CVE-2011-3637", "CVE-2011-4081", "CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4326"], "modified": "2018-06-07T04:58:36", "id": "RHSA-2012:0010", "href": "https://access.redhat.com/errata/RHSA-2012:0010", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "cvss3": {}, "published": "2011-11-04T20:29:13", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: kernel-2.6.35.14-103.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2962", "CVE-2010-2963", "CVE-2010-3698", "CVE-2010-3880", "CVE-2010-3904", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4668", "CVE-2011-1083", "CVE-2011-1161", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1770", "CVE-2011-1833", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-4077", "CVE-2011-4081"], "modified": "2011-11-04T20:29:13", "id": "FEDORA:ACEFF2102F", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LBQ3G4EW7VISSGVSJ7N42BGFVZM6ZLMV/", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "cvss3": {}, "published": "2011-11-29T00:22:10", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: kernel-2.6.35.14-106.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2962", "CVE-2010-2963", "CVE-2010-3698", "CVE-2010-3880", "CVE-2010-3904", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4668", "CVE-2011-1083", "CVE-2011-1161", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1770", "CVE-2011-1833", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4326"], "modified": "2011-11-29T00:22:10", "id": "FEDORA:CAA68215A9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3LWMRH7DCSDXJDGZUQFZBFHBHGGPHEMV/", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}]}