## Releases

* Ubuntu 10.04

## Packages

* linux-ec2 - Linux kernel for EC2

An information leak in the Linux kernel was discovered that could leak the
high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine
(KVM) paravirt guests. A user in the guest OS could exploit this leak to
obtain information that could potentially be used to aid in attacking the
kernel. (CVE-2014-8134)

A flaw in the handling of malformed ASCONF chunks by the SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel was discovered. A
remote attacker could exploit this flaw to cause a denial of service
(system crash). (CVE-2014-3673)

A flaw in the handling of duplicate ASCONF chunks by the SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel was discovered. A
remote attacker could exploit this flaw to cause a denial of service
(panic). (CVE-2014-3687)

It was discovered that excessive queuing by the SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel can cause memory
pressure. A remote attacker could exploit this flaw to cause a denial of
service. (CVE-2014-3688)

A null pointer dereference flaw was discovered in the Linux kernel's
SCTP implementation when ASCONF is used. A remote attacker could exploit
this flaw to cause a denial of service (system crash) via a malformed INIT
chunk. (CVE-2014-7841)

Jouni Malinen reported a flaw in the handling of fragmentation in the
mac80211 subsystem of the kernel. A remote attacker could exploit this
flaw to obtain potentially sensitive cleartext information by reading
packets. (CVE-2014-8709)

A stack buffer overflow was discovered in the ioctl command handling for
the Technotrend/Hauppauge USB DEC devices driver. A local user could
exploit this flaw to cause a denial of service (system crash) or possibly
gain privileges. (CVE-2014-8884)

Andy Lutomirski discovered that the Linux kernel does not properly handle
faults associated with the Stack Segment (SS) register on the x86
architecture. A local attacker could exploit this flaw to cause a denial of
service (panic). (CVE-2014-9090)

## Advisory details

* ID: USN-2442-1
* Title: Linux kernel (EC2) vulnerabilities
* Reporter: Ubuntu
* Published: 2014-12-12
* Modified: 2014-12-12
* CVSS v2: 7.8 (HIGH), vector AV:N/AC:L/Au:N/C:N/I:N/A:C
* CVSS v3.1: 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* Reference: https://ubuntu.com/security/notices/USN-2442-1
* CVEs: CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7841, CVE-2014-8134, CVE-2014-8709, CVE-2014-8884, CVE-2014-9090
* Affected package: linux-image-2.6.32-374-ec2 on Ubuntu 10.04, versions earlier than 2.6.32-374.91
\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nAn information leak in the Linux kernel was discovered that could leak the \nhigh 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine \n(KVM) paravirt guests. A user in the guest OS could exploit this leak to \nobtain information that could potentially be used to aid in attacking the \nkernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace \nsubsystem of the Linux kernel does not properly handle private syscall \nnumbers. A local user could exploit this flaw to cause a denial of service \n(OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel can cause memory \npressure. A remote attacker could exploit this flaw to cause a denial of \nservice. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell King discovered a flaw in how the \nperf subsystem of the Linux kernel handles private syscall numbers. A \nlocal user could exploit this to cause a denial of service (OOPS) or bypass \nASLR protections via a crafted application. (CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles \npivot_root when used with a chroot directory. A local user could exploit \nthis flaw to cause a denial of service (mount-tree loop). 
(CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the ext4_file_write_iter \nfunction of the Linux kernel's ext4 filesystem. A local user could exploit \nthis flaw to cause a denial of service (file unavailability). \n(CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel \nmiscalculates the number of memory pages during the handling of a mapping \nfailure. A guest OS user could exploit this to cause a denial of service \n(host OS page unpinning) or possibly have unspecified other impact by \nleveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register on the x86 \narchitecture. A local attacker could exploit this flaw to cause a denial of \nservice (panic). (CVE-2014-9090)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-19T00:00:00", "type": "ubuntu", "title": "Linux kernel (Utopic HWE) regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", 
"CVE-2014-7970", "CVE-2014-8086", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090"], "modified": "2014-12-19T00:00:00", "id": "USN-2447-2", "href": "https://ubuntu.com/security/notices/USN-2447-2", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T03:17:20", "description": "## Releases\n\n * Ubuntu 14.10 \n\n## Packages\n\n * linux \\- Linux kernel\n\nUSN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated \nregression TCP Throughput drops to zero for several drivers after upgrading. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nAn information leak in the Linux kernel was discovered that could leak the \nhigh 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine \n(KVM) paravirt guests. A user in the guest OS could exploit this leak to \nobtain information that could potentially be used to aid in attacking the \nkernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace \nsubsystem of the Linux kernel does not properly handle private syscall \nnumbers. A local user could exploit this flaw to cause a denial of service \n(OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel can cause memory \npressure. A remote attacker could exploit this flaw to cause a denial of \nservice. 
(CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell King discovered a flaw in how the \nperf subsystem of the Linux kernel handles private syscall numbers. A \nlocal user could exploit this to cause a denial of service (OOPS) or bypass \nASLR protections via a crafted application. (CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles \npivot_root when used with a chroot directory. A local user could exploit \nthis flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the ext4_file_write_iter \nfunction of the Linux kernel's ext4 filesystem. A local user could exploit \nthis flaw to cause a denial of service (file unavailability). \n(CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel \nmiscalculates the number of memory pages during the handling of a mapping \nfailure. A guest OS user could exploit this to cause a denial of service \n(host OS page unpinning) or possibly have unspecified other impact by \nleveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register on the x86 \narchitecture. A local attacker could exploit this flaw to cause a denial of \nservice (panic). 
(CVE-2014-9090)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-19T00:00:00", "type": "ubuntu", "title": "Linux kernel regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-8086", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090"], "modified": "2014-12-19T00:00:00", "id": "USN-2448-2", "href": "https://ubuntu.com/security/notices/USN-2448-2", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T03:17:25", "description": "## Releases\n\n * Ubuntu 14.10 \n\n## Packages\n\n * linux \\- Linux kernel\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register in the x86 \narchitecture. A local attacker could exploit this flaw to gain \nadministrative privileges. (CVE-2014-9322)\n\nAn information leak in the Linux kernel was discovered that could leak the \nhigh 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine \n(KVM) paravirt guests. 
A user in the guest OS could exploit this leak to \nobtain information that could potentially be used to aid in attacking the \nkernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace \nsubsystem of the Linux kernel does not properly handle private syscall \nnumbers. A local user could exploit this flaw to cause a denial of service \n(OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel can cause memory \npressure. A remote attacker could exploit this flaw to cause a denial of \nservice. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell King discovered a flaw in how the \nperf subsystem of the Linux kernel handles private syscall numbers. A \nlocal user could exploit this to cause a denial of service (OOPS) or bypass \nASLR protections via a crafted application. (CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles \npivot_root when used with a chroot directory. A local user could exploit \nthis flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the ext4_file_write_iter \nfunction of the Linux kernel's ext4 filesystem. A local user could exploit \nthis flaw to cause a denial of service (file unavailability). 
\n(CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel \nmiscalculates the number of memory pages during the handling of a mapping \nfailure. A guest OS user could exploit this to cause a denial of service \n(host OS page unpinning) or possibly have unspecified other impact by \nleveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register on the x86 \narchitecture. A local attacker could exploit this flaw to cause a denial of \nservice (panic). (CVE-2014-9090)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-12T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-8086", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090", "CVE-2014-9322"], "modified": "2014-12-12T00:00:00", "id": "USN-2448-1", "href": "https://ubuntu.com/security/notices/USN-2448-1", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T03:17:25", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-utopic \\- Linux hardware enablement kernel from Utopic\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register in the x86 \narchitecture. A local attacker could exploit this flaw to gain \nadministrative privileges. (CVE-2014-9322)\n\nAn information leak in the Linux kernel was discovered that could leak the \nhigh 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine \n(KVM) paravirt guests. A user in the guest OS could exploit this leak to \nobtain information that could potentially be used to aid in attacking the \nkernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace \nsubsystem of the Linux kernel does not properly handle private syscall \nnumbers. A local user could exploit this flaw to cause a denial of service \n(OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel can cause memory \npressure. A remote attacker could exploit this flaw to cause a denial of \nservice. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the \nperf subsystem of the Linux kernel handles private systecall numbers. 
A \nlocal user could exploit this to cause a denial of service (OOPS) or bypass \nASLR protections via a crafted application. (CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles \npivot_root when used with a chroot directory. A local user could exploit \nthis flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the ext4_file_write_iter \nfunction of the Linux kernel's ext4 filesystem. A local user could exploit \nthis flaw to cause a denial of service (file unavailability). \n(CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel \nmiscalculates the number of memory pages during the handling of a mapping \nfailure. A guest OS user could exploit this to cause a denial of service \n(host OS page unpinning) or possibly have unspecified other impact by \nleveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register on the x86 \narchitecture. A local attacker could exploit this flaw to cause a denial of \nservice (panic). 
(CVE-2014-9090)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-12T00:00:00", "type": "ubuntu", "title": "Linux kernel (Utopic HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-8086", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090", "CVE-2014-9322"], "modified": "2014-12-12T00:00:00", "id": "USN-2447-1", "href": "https://ubuntu.com/security/notices/USN-2447-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T13:29:51", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux-ti-omap4 \\- Linux kernel for OMAP4\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace \nsubsystem of the Linux kernel does not properly handle private syscall \nnumbers. A local user could exploit this flaw to cause a denial of service \n(OOPS). (CVE-2014-7826)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the \nperf subsystem of the Linux kernel handles private systecall numbers. 
A \nlocal user could exploit this to cause a denial of service (OOPS) or bypass \nASLR protections via a crafted application. (CVE-2014-7825)\n\nA null pointer dereference flaw was discovered in the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. (CVE-2014-8884)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-12T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7841", "CVE-2014-8884"], "modified": "2014-12-12T00:00:00", "id": "USN-2444-1", "href": "https://ubuntu.com/security/notices/USN-2444-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:29:39", 
"description": "## Releases\n\n * Ubuntu 14.10 \n\n## Packages\n\n * linux \\- Linux kernel\n\nA null pointer dereference flaw was discovered in the the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single \nbyte overflow in __clear_user. A local user could exploit this flaw to \ncause a denial of service (system crash) by reading one byte beyond a \n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. 
(CVE-2014-8884)\n", "cvss3": {}, "published": "2015-01-13T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7842", "CVE-2014-7843", "CVE-2014-8884"], "modified": "2015-01-13T00:00:00", "id": "USN-2468-1", "href": "https://ubuntu.com/security/notices/USN-2468-1", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T13:29:40", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux-lts-trusty \\- Linux hardware enablement kernel from Trusty\n\nA null pointer dereference flaw was discovered in the the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single \nbyte overflow in __clear_user. A local user could exploit this flaw to \ncause a denial of service (system crash) by reading one byte beyond a \n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. 
A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. (CVE-2014-8884)\n", "cvss3": {}, "published": "2015-01-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7842", "CVE-2014-7843", "CVE-2014-8884"], "modified": "2015-01-13T00:00:00", "id": "USN-2465-1", "href": "https://ubuntu.com/security/notices/USN-2465-1", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T13:29:38", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-utopic \\- Linux hardware enablement kernel from Utopic\n\nA null pointer dereference flaw was discovered in the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single \nbyte overflow in __clear_user. A local user could exploit this flaw to \ncause a denial of service (system crash) by reading one byte beyond a \n/dev/zero page boundary. 
(CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. (CVE-2014-8884)\n", "cvss3": {}, "published": "2015-01-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (Utopic HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7842", "CVE-2014-7843", "CVE-2014-8884"], "modified": "2015-01-13T00:00:00", "id": "USN-2467-1", "href": "https://ubuntu.com/security/notices/USN-2467-1", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T13:29:48", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nA null pointer dereference flaw was discovered in the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single \nbyte overflow in __clear_user. 
A local user could exploit this flaw to \ncause a denial of service (system crash) by reading one byte beyond a \n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. (CVE-2014-8884)\n", "cvss3": {}, "published": "2015-01-13T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7842", "CVE-2014-7843", "CVE-2014-8884"], "modified": "2015-01-13T00:00:00", "id": "USN-2466-1", "href": "https://ubuntu.com/security/notices/USN-2466-1", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T13:29:39", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux-ti-omap4 \\- Linux kernel for OMAP4\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register in the x86 \narchitecture. A local attacker could exploit this flaw to gain \nadministrative privileges. (CVE-2014-9322)\n\nAn information leak in the Linux kernel was discovered that could leak the \nhigh 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine \n(KVM) paravirt guests. 
A user in the guest OS could exploit this leak to \nobtain information that could potentially be used to aid in attacking the \nkernel. (CVE-2014-8134)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel \nmiscalculates the number of memory pages during the handling of a mapping \nfailure. A guest OS user could exploit this to cause a denial of service \n(host OS page unpinning) or possibly have unspecified other impact by \nleveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register on the x86 \narchitecture. A local attacker could exploit this flaw to cause a denial of \nservice (panic). 
(CVE-2014-9090)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-01-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7842", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090", "CVE-2014-9322"], "modified": "2015-01-13T00:00:00", "id": "USN-2464-1", "href": "https://ubuntu.com/security/notices/USN-2464-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T03:17:51", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux-ti-omap4 \\- Linux kernel for OMAP4\n\nNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles \nnoncanonical addresses when emulating instructions that change the rip \n(Instruction Pointer). A guest user with access to I/O or the MMIO can use \nthis flaw to cause a denial of service (system crash) of the guest. \n(CVE-2014-3647)\n\nA flaw was discovered with the handling of the invept instruction in the \nKVM (Kernel Virtual Machine) subsystem of the Linux kernel. 
An unprivileged \nguest user could exploit this flaw to cause a denial of service (system \ncrash) on the guest. (CVE-2014-3646)\n\nA flaw was discovered with invept instruction support when using nested EPT \nin the KVM (Kernel Virtual Machine). An unprivileged guest user could \nexploit this flaw to cause a denial of service (system crash) on the guest. \n(CVE-2014-3645)\n\nLars Bull reported a race condition in the PIT (programmable interrupt \ntimer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux \nkernel. A local guest user with access to PIT i/o ports could exploit this \nflaw to cause a denial of service (crash) on the host. (CVE-2014-3611)\n\nLars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual \nMachine) handles noncanonical writes to certain MSR registers. A privileged \nguest user can exploit this flaw to cause a denial of service (kernel \npanic) on the host. (CVE-2014-3610)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel can cause memory \npressure. A remote attacker could exploit this flaw to cause a denial of \nservice. (CVE-2014-3688)\n\nA flaw was discovered in how the Linux kernel's KVM (Kernel Virtual \nMachine) subsystem handles the CR4 control register at VM entry on Intel \nprocessors. 
A local host OS user can exploit this to cause a denial of \nservice (kill arbitrary processes, or system disruption) by leveraging \n/dev/kvm access. (CVE-2014-3690)\n\nDon Bailey discovered a flaw in the LZO decompress algorithm used by the \nLinux kernel. An attacker could exploit this flaw to cause a denial of \nservice (memory corruption or OOPS). (CVE-2014-4608)\n\nIt was discovered the Linux kernel's implementation of IPv6 did not \nproperly validate arguments in the ipv6_select_ident function. A local user \ncould exploit this flaw to cause a denial of service (system crash) by \nleveraging tun or macvtap device access. (CVE-2014-7207)\n\nAndy Lutomirski discovered that the Linux kernel was not checking the \nCAP_SYS_ADMIN when remounting filesystems to read-only. A local user could \nexploit this flaw to cause a denial of service (loss of writability). \n(CVE-2014-7975)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-11-25T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", 
"CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-4608", "CVE-2014-7207", "CVE-2014-7975"], "modified": "2014-11-25T00:00:00", "id": "USN-2418-1", "href": "https://ubuntu.com/security/notices/USN-2418-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T03:17:53", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux \\- Linux kernel\n\nNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles \nnoncanonical addresses when emulating instructions that change the rip \n(Instruction Pointer). A guest user with access to I/O or the MMIO can use \nthis flaw to cause a denial of service (system crash) of the guest. \n(CVE-2014-3647)\n\nA flaw was discovered with the handling of the invept instruction in the \nKVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged \nguest user could exploit this flaw to cause a denial of service (system \ncrash) on the guest. (CVE-2014-3646)\n\nA flaw was discovered with invept instruction support when using nested EPT \nin the KVM (Kernel Virtual Machine). An unprivileged guest user could \nexploit this flaw to cause a denial of service (system crash) on the guest. \n(CVE-2014-3645)\n\nLars Bull reported a race condition in the PIT (programmable interrupt \ntimer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux \nkernel. A local guest user with access to PIT i/o ports could exploit this \nflaw to cause a denial of service (crash) on the host. (CVE-2014-3611)\n\nLars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual \nMachine) handles noncanonical writes to certain MSR registers. A privileged \nguest user can exploit this flaw to cause a denial of service (kernel \npanic) on the host. 
(CVE-2014-3610)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel was discovered. A \nremote attacker could exploit this flaw to cause a denial of service \n(panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control \nTransmission Protocol) implementation in the Linux kernel can cause memory \npressure. A remote attacker could exploit this flaw to cause a denial of \nservice. (CVE-2014-3688)\n\nA flaw was discovered in how the Linux kernel's KVM (Kernel Virtual \nMachine) subsystem handles the CR4 control register at VM entry on Intel \nprocessors. A local host OS user can exploit this to cause a denial of \nservice (kill arbitrary processes, or system disruption) by leveraging \n/dev/kvm access. (CVE-2014-3690)\n\nDon Bailey discovered a flaw in the LZO decompress algorithm used by the \nLinux kernel. An attacker could exploit this flaw to cause a denial of \nservice (memory corruption or OOPS). (CVE-2014-4608)\n\nIt was discovered the Linux kernel's implementation of IPv6 did not \nproperly validate arguments in the ipv6_select_ident function. A local user \ncould exploit this flaw to cause a denial of service (system crash) by \nleveraging tun or macvtap device access. (CVE-2014-7207)\n\nAndy Lutomirski discovered that the Linux kernel was not checking the \nCAP_SYS_ADMIN when remounting filesystems to read-only. A local user could \nexploit this flaw to cause a denial of service (loss of writability). 
\n(CVE-2014-7975)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-11-25T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-4608", "CVE-2014-7207", "CVE-2014-7975"], "modified": "2014-11-25T00:00:00", "id": "USN-2417-1", "href": "https://ubuntu.com/security/notices/USN-2417-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-02-21T16:42:17", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. 
A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)\n\nA NULL pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nJouni Malinen reported a flaw in the handling of fragmentation in the mac80211 subsystem of the kernel. A remote attacker could exploit this flaw to obtain potential sensitive cleartext information by reading packets. (CVE-2014-8709)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2442-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7841", "CVE-2014-8134", "CVE-2014-8709", "CVE-2014-8884", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-2442-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2442-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80029);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7841\", \"CVE-2014-8134\", \"CVE-2014-8709\", \"CVE-2014-8884\", \"CVE-2014-9090\");\n script_bugtraq_id(70766, 70768, 70883, 70965, 71081, 71097, 71250);\n script_xref(name:\"USN\", value:\"2442-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2442-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. (CVE-2014-8134)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control\nTransmission Protocol) implementation in the Linux kernel can cause\nmemory pressure. A remote attacker could exploit this flaw to cause a\ndenial of service. 
(CVE-2014-3688)\n\nA NULL pointer dereference flaw was discovered in the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nJouni Malinen reported a flaw in the handling of fragmentation in the\nmac80211 subsystem of the kernel. A remote attacker could exploit\nthis flaw to obtain potential sensitive cleartext information by\nreading packets. (CVE-2014-8709)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly\nhandle faults associated with the Stack Segment (SS) register on the\nx86 architecture. A local attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2442-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7841\", \"CVE-2014-8134\", \"CVE-2014-8709\", \"CVE-2014-8884\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2442-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-374-ec2\", pkgver:\"2.6.32-374.91\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:41:47", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. 
(CVE-2014-8134)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)\n\nA NULL pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nJouni Malinen reported a flaw in the handling of fragmentation in the mac80211 subsystem of the kernel. A remote attacker could exploit this flaw to obtain potential sensitive cleartext information by reading packets. (CVE-2014-8709)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-2441-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7841", "CVE-2014-8134", "CVE-2014-8709", "CVE-2014-8884", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-2441-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80028", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2441-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80028);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7841\", \"CVE-2014-8134\", \"CVE-2014-8709\", \"CVE-2014-8884\", \"CVE-2014-9090\");\n script_bugtraq_id(70766, 70768, 70883, 70965, 71081, 71097, 71250);\n script_xref(name:\"USN\", value:\"2441-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-2441-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. (CVE-2014-8134)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. 
A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control\nTransmission Protocol) implementation in the Linux kernel can cause\nmemory pressure. A remote attacker could exploit this flaw to cause a\ndenial of service. (CVE-2014-3688)\n\nA NULL pointer dereference flaw was discovered in the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nJouni Malinen reported a flaw in the handling of fragmentation in the\nmac80211 subsystem of the kernel. A remote attacker could exploit\nthis flaw to obtain potential sensitive cleartext information by\nreading packets. (CVE-2014-8709)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly\nhandle faults associated with the Stack Segment (SS) register on the\nx86 architecture. A local attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2441-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7841\", \"CVE-2014-8134\", \"CVE-2014-8709\", \"CVE-2014-8884\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2441-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-70-386\", pkgver:\"2.6.32-70.137\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-70-generic\", pkgver:\"2.6.32-70.137\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-70-generic-pae\", pkgver:\"2.6.32-70.137\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-70-lpia\", pkgver:\"2.6.32-70.137\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-70-preempt\", pkgver:\"2.6.32-70.137\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-70-server\", pkgver:\"2.6.32-70.137\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-70-versatile\", pkgver:\"2.6.32-70.137\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-70-virtual\", pkgver:\"2.6.32-70.137\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.8, 
"vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-03T15:08:03", "description": "Non-maintainer upload by the Squeeze LTS and Kernel Teams.\n\nNew upstream stable release 2.6.32.65, see http://lkml.org/lkml/2014/12/13/81 for more information.\n\nThe stable release 2.6.32.65 includes the following new commits compared to the previous 2.6.32-48squeeze9 package :\n\n - USB: whiteheat: Added bounds checking for bulk command response (CVE-2014-3185)\n\n - net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687)\n\n - net: sctp: fix remote memory pressure from excessive queueing (CVE-2014-3688)\n\n - udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410)\n\n - net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (CVE-2014-7841)\n\n - mac80211: fix fragmentation code, particularly for encryption (CVE-2014-8709)\n\n - ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)\n\nWe recommend that you upgrade your linux-2.6 packages.\n\nWe apologize for a minor cosmetic glitch :\n\nThe following commits were already included in 2.6.32-48squeeze9 despite claims in debian/changelog they were only fixed in 2.6.32-48squeez10 :\n\n - vlan: Don't propagate flag changes on down interfaces.\n\n - sctp: Fix double-free introduced by bad backport in 2.6.32.62\n\n - md/raid6: Fix misapplied backport in 2.6.32.64\n\n - block: add missing blk_queue_dead() checks\n\n - block: Fix blk_execute_rq_nowait() dead queue handling\n\n - proc connector: Delete spurious memset in proc_exit_connector()\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-118-1 : linux-2.6 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3185", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-6410", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-8884"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firmware-linux-free", "p-cpe:/a:debian:debian_linux:linux-base", "p-cpe:/a:debian:debian_linux:linux-doc-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common", 
"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-libc-dev", 
"p-cpe:/a:debian:debian_linux:linux-manual-2.6.32", "p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32", "p-cpe:/a:debian:debian_linux:linux-source-2.6.32", "p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5", "p-cpe:/a:debian:debian_linux:linux-tools-2.6.32", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-118.NASL", "href": "https://www.tenable.com/plugins/nessus/82101", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-118-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82101);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3185\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-6410\", \"CVE-2014-7841\", \"CVE-2014-8709\", \"CVE-2014-8884\");\n script_bugtraq_id(69781, 69799, 70766, 70768, 70965, 71081, 71097);\n\n script_name(english:\"Debian DLA-118-1 : linux-2.6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Non-maintainer upload by the Squeeze LTS and Kernel Teams.\n\nNew upstream stable release 2.6.32.65, see\nhttp://lkml.org/lkml/2014/12/13/81 for more information.\n\nThe stable release 2.6.32.65 includes the following new commits\ncompared to the previous 2.6.32-48squeeze9 package :\n\n - USB: whiteheat: Added bounds checking for bulk command\n response (CVE-2014-3185)\n\n - net: sctp: fix panic on duplicate 
ASCONF chunks\n (CVE-2014-3687)\n\n - net: sctp: fix remote memory pressure from excessive\n queueing (CVE-2014-3688)\n\n - udf: Avoid infinite loop when processing indirect ICBs\n (CVE-2014-6410)\n\n - net: sctp: fix NULL pointer dereference in\n af->from_addr_param on malformed packet (CVE-2014-7841)\n\n - mac80211: fix fragmentation code, particularly for\n encryption (CVE-2014-8709)\n\n - ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)\n\nWe recommend that you upgrade your linux-2.6 packages.\n\nWe apologize for a minor cosmetic glitch :\n\nThe following commits were already included in 2.6.32-48squeeze9\ndespite claims in debian/changelog they were only fixed in\n2.6.32-48squeez10 :\n\n - vlan: Don't propagate flag changes on down interfaces.\n\n - sctp: Fix double-free introduced by bad backport in\n 2.6.32.62\n\n - md/raid6: Fix misapplied backport in 2.6.32.64\n\n - block: add missing blk_queue_dead() checks\n\n - block: Fix blk_execute_rq_nowait() dead queue handling\n\n - proc connector: Delete spurious memset in\n proc_exit_connector()\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # http://lkml.org/lkml/2014/12/13/81\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lkml.org/lkml/2014/12/13/81\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/linux-2.6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux-free\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-tools-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", 
reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:39:17", "description": "Updated kernel packages that fix three security issues are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\nThe CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-02-04T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2015:0115)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688"], "modified": "2020-08-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.2"], "id": 
"REDHAT-RHSA-2015-0115.NASL", "href": "https://www.tenable.com/plugins/nessus/81158", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0115. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81158);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/11\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\");\n script_xref(name:\"RHSA\", value:\"2015:0115\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2015:0115)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled malformed or duplicate Address Configuration Change Chunks\n(ASCONF). A remote attacker could use either of these flaws to crash\nthe system. (CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled the association's output queue. 
A remote attacker could send\nspecially crafted packets that would cause the system to use an\nexcessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\nThe CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3688\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:0115\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0115\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n 
audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"kernel-doc-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"kernel-firmware-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-220.58.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-220.58.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:37:44", "description": "Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\nThe CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes the following bugs :\n\n* When the Baseboard Management Controller (BMC) was reset, the settings for the ipmi_watchdog driver were not restored correctly causing error 80 to be returned. With this update, Intelligent Platform Management Interface (IPMI) is reset as expected in the described situation, and the error is no longer returned. (BZ#1109268)\n\n* Under certain conditions, XFS log flushes could exceed the kernel thread stack size. As a consequence, a kernel panic occurred on systems using XFS file systems. 
This update provides a patch that moves this code path to a work queue, and therefore the stack overflow no longer occurs. (BZ#1154086)\n\n* Due to a race condition, an attempt to unmount an XFS file system using the umount command could fail, causing the system to become unresponsive. The underlying source code has been modified to fix this bug, and the system no longer hangs in the described situation.\n(BZ#1158320)\n\n* Previously, the printk_ratelimited() function printed messages which were supposed to be suppressed, and failed to print messages that were supposed to be printed. This was caused by the incorrect usage of the\n__ratelimit() function. This bug has been fixed with this update, and now printk_ratelimit() behaves as expected. (BZ#1169401)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-01-14T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2015:0043)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.4"], "id": "REDHAT-RHSA-2015-0043.NASL", "href": "https://www.tenable.com/plugins/nessus/80507", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0043. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80507);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\");\n script_bugtraq_id(70766, 70768, 70883);\n script_xref(name:\"RHSA\", value:\"2015:0043\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2015:0043)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix three security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.4 Extended\nUpdate Support.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled malformed or duplicate Address Configuration Change Chunks\n(ASCONF). A remote attacker could use either of these flaws to crash\nthe system. (CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled the association's output queue. 
A remote attacker could send\nspecially crafted packets that would cause the system to use an\nexcessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\nThe CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes the following bugs :\n\n* When the Baseboard Management Controller (BMC) was reset, the\nsettings for the ipmi_watchdog driver were not restored correctly\ncausing error 80 to be returned. With this update, Intelligent\nPlatform Management Interface (IPMI) is reset as expected in the\ndescribed situation, and the error is no longer returned. (BZ#1109268)\n\n* Under certain conditions, XFS log flushes could exceed the kernel\nthread stack size. As a consequence, a kernel panic occurred on\nsystems using XFS file systems. This update provides a patch that\nmoves this code path to a work queue, and therefore the stack overflow\nno longer occurs. (BZ#1154086)\n\n* Due to a race condition, an attempt to unmount an XFS file system\nusing the umount command could fail, causing the system to become\nunresponsive. The underlying source code has been modified to fix this\nbug, and the system no longer hangs in the described situation.\n(BZ#1158320)\n\n* Previously, the printk_ratelimited() function printed messages which\nwere supposed to be suppressed, and failed to print messages that were\nsupposed to be printed. This was caused by the incorrect usage of the\n__ratelimit() function. This bug has been fixed with this update, and\nnow printk_ratelimit() behaves as expected. (BZ#1169401)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3688\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:0043\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0043\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message 
= \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", 
reference:\"kernel-debuginfo-common-i686-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"kernel-doc-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"kernel-firmware-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"perf-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"perf-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", 
cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"python-perf-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-358.55.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:41:50", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. 
(CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). 
(CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2446-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2446-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80032", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from 
Ubuntu Security Notice USN-2446-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80032);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n script_bugtraq_id(70749, 70766, 70768, 70883, 70971, 70972, 71250);\n script_xref(name:\"USN\", value:\"2446-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2446-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace\nsubsystem of the Linux kernel does not properly handle private syscall\nnumbers. A local user could exploit this flaw to cause a denial of\nservice (OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (system crash). 
(CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control\nTransmission Protocol) implementation in the Linux kernel can cause\nmemory pressure. A remote attacker could exploit this flaw to cause a\ndenial of service. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in\nhow the perf subsystem of the Linux kernel handles private systecall\nnumbers. A local user could exploit this to cause a denial of service\n(OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel\nmiscalculates the number of memory pages during the handling of a\nmapping failure. A guest OS user could exploit this to cause a denial\nof service (host OS page unpinning) or possibly have unspecified other\nimpact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly\nhandle faults associated with the Stack Segment (SS) register on the\nx86 architecture. A local attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2446-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2446-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-43-generic\", pkgver:\"3.13.0-43.72\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-43-generic-lpae\", pkgver:\"3.13.0-43.72\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-43-lowlatency\", pkgver:\"3.13.0-43.72\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:41:37", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. 
A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2445-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2445-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2445-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80031);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n script_bugtraq_id(70749, 70766, 70768, 70883, 70971, 70972, 71250);\n script_xref(name:\"USN\", value:\"2445-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2445-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. 
A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace\nsubsystem of the Linux kernel does not properly handle private syscall\nnumbers. A local user could exploit this flaw to cause a denial of\nservice (OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control\nTransmission Protocol) implementation in the Linux kernel can cause\nmemory pressure. A remote attacker could exploit this flaw to cause a\ndenial of service. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in\nhow the perf subsystem of the Linux kernel handles private systecall\nnumbers. A local user could exploit this to cause a denial of service\n(OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel\nmiscalculates the number of memory pages during the handling of a\nmapping failure. A guest OS user could exploit this to cause a denial\nof service (host OS page unpinning) or possibly have unspecified other\nimpact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly\nhandle faults associated with the Stack Segment (SS) register on the\nx86 architecture. 
A local attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2445-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2445-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-43-generic\", pkgver:\"3.13.0-43.72~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-43-generic-lpae\", pkgver:\"3.13.0-43.72~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / 
linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:42:01", "description": "The openSUSE 13.2 kernel was updated to version 3.16.7.\n\nThese security issues were fixed :\n\n - CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. (bnc#910251)\n\n - CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. (bnc#907818)\n\n - CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. (bnc#909077)\n\n - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349).\n\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that triggered an incorrect uncork within the side-effect interpreter (bnc#902349).\n\n - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n\n - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private 
syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013).\n\n - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100).\n\nThese non-security issues were fixed :\n\n - ahci: Check and set 64-bit DMA mask for platform AHCI driver (bnc#902632).\n\n - ahci/xgene: Remove logic to set 64-bit DMA mask (bnc#902632).\n\n - ahci_xgene: Skip the PHY and clock initialization if already configured by the firmware (bnc#902632).\n\n - ALSA: hda - Add mute LED control for Lenovo Ideapad Z560 (bnc#665315).\n\n - ALSA: hda/realtek - Add alc_update_coef*_idx() helper (bnc#905068).\n\n - ALSA: hda/realtek - Change EAPD to verb control (bnc#905068).\n\n - ALSA: hda/realtek - Optimize alc888_coef_init() (bnc#905068).\n\n - ALSA: hda/realtek - Restore default value for ALC668 (bnc#905068).\n\n - ALSA: hda/realtek - Update Initial AMP for EAPD control (bnc#905068).\n\n - ALSA: hda/realtek - Update restore default value for ALC282 (bnc#905068).\n\n - ALSA: hda/realtek - Update restore default value for ALC283 (bnc#905068).\n\n - ALSA: hda/realtek - Use alc_write_coef_idx() in alc269_quanta_automake() (bnc#905068).\n\n - ALSA: hda/realtek - Use tables for batch COEF writes/updtes (bnc#905068).\n\n - ALSA: usb-audio: Do not resubmit pending URBs at MIDI error recovery.\n\n - arm64: Add architectural support for PCI (bnc#902632).\n\n - arm64: adjust el0_sync so that a function can be called (bnc#902632).\n\n - arm64: Do not call enable PCI resources when specify PCI_PROBE_ONLY (bnc#902632).\n\n - arm64: dts: Add X-Gene reboot driver dts node (bnc#902632).\n\n - arm64/efi: efistub: cover entire static mem footprint in 
PE/COFF .text (bnc#902632).\n\n - arm64/efi: efistub: do not abort if base of DRAM is occupied (bnc#902632).\n\n - arm64: fix bug for reloading FPSIMD state after cpu power off (bnc#902632).\n\n - arm64: fix VTTBR_BADDR_MASK (bnc#902632).\n\n - arm64: fpsimd: fix a typo in fpsimd_save_partial_state ENDPROC (bnc#902632).\n\n - arm64/mustang: Disable sgenet and xgenet (bnc#902632).\n\n - arm64: Select reboot driver for X-Gene platform (bnc#902632).\n\n - arm: Add APM Mustang network driver (bnc#902632).\n\n - arm/arm64: KVM: Fix and refactor unmap_range (bnc#902632).\n\n - arm: Define PCI_IOBASE as the base of virtual PCI IO space (bnc#902632).\n\n - asm-generic/io.h: Fix ioport_map() for !CONFIG_GENERIC_IOMAP (bnc#902632).\n\n - ax88179_178a: fix bonding failure (bsc#908253).\n\n - btrfs: Fix and enhance merge_extent_mapping() to insert best fitted extent map.\n\n - btrfs: fix crash of btrfs_release_extent_buffer_page.\n\n - btrfs: fix invalid leaf slot access in btrfs_lookup_extent().\n\n - btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup.\n\n - btrfs: fix lockups from btrfs_clear_path_blocking.\n\n - btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent items.\n\n - btrfs: Fix the wrong condition judgment about subset extent map.\n\n - btrfs: fix wrong accounting of raid1 data profile in statfs.\n\n - btrfs: send, do not delay dir move if there is a new parent inode.\n\n - config: armv7hl: Disable CONFIG_USB_MUSB_TUSB6010 (bnc#906914).\n\n - cpufreq: arm_big_little: fix module license spec (bnc#902632).\n\n - Delete patches.rpmify/chipidea-clean-up-dependencies (bnc#903986).\n\n - Disable Exynos cpufreq modules.\n\n - drivers/net/fddi/skfp/h/skfbi.h: Remove useless PCI_BASE_2ND macros (bnc#902632).\n\n - drm/i915: Keep vblank interrupts enabled while enabling/disabling planes (bnc#904097).\n\n - drm: Implement O_NONBLOCK support on /dev/dri/cardN (bnc#904097).\n\n - drm/nv50/disp: fix dpms regression on certain boards 
(bnc#902728).\n\n - drm/radeon: add locking around atombios scratch space usage (bnc#904932).\n\n - drm/radeon: add missing crtc unlock when setting up the MC (bnc#904932).\n\n - drm/radeon/dpm: disable ulv support on SI (bnc#904932).\n\n - drm/radeon: fix endian swapping in vbios fetch for tdp table (bnc#904932).\n\n - drm/radeon: fix speaker allocation setup (bnc#904932).\n\n - drm/radeon: initialize sadb to NULL in the audio code (bnc#904932).\n\n - drm/radeon: make sure mode init is complete in bandwidth_update (bnc#904932).\n\n - drm/radeon: report disconnected for LVDS/eDP with PX if ddc fails (bnc#904417).\n\n - drm/radeon: set correct CE ram size for CIK (bnc#904932).\n\n - drm/radeon: Use drm_malloc_ab instead of kmalloc_array (bnc#904932).\n\n - drm/radeon: use gart for DMA IB tests (bnc#904932).\n\n - drm/radeon: use gart memory for DMA ring tests (bnc#904932).\n\n - drm/tilcdc: Fix the error path in tilcdc_load() (bko#86071).\n\n - hp_accel: Add support for HP ZBook 15 (bnc#905329).\n\n - ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling (bnc#904289).\n\n - Input: i8042 - also set the firmware id for MUXed ports (bnc#897112).\n\n - Input: psmouse - add psmouse_matches_pnp_id helper function (bnc#897112).\n\n - Input: psmouse - add support for detecting FocalTech PS/2 touchpads (bnc#897112).\n\n - Input: synaptics - add min/max quirk for Lenovo T440s (bnc#903748).\n\n - irqchip: gic: preserve gic V2 bypass bits in cpu ctrl register (bnc#902632).\n\n - iwlwifi: dvm: drop non VO frames when flushing (bnc#900786).\n\n - KEYS: Allow special keys (eg. 
DNS results) to be invalidated by CAP_SYS_ADMIN (bnc#904717).\n\n - KEYS: Fix stale key registration at error path (bnc#908163).\n\n - KEYS: Fix the size of the key description passed to/from userspace (bnc#904717).\n\n - KEYS: Increase root_maxkeys and root_maxbytes sizes (bnc#904717).\n\n - KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (bnc#904717).\n\n - KEYS: Simplify KEYRING_SEARCH_(NO,DO)_STATE_CHECK flags (bnc#904717).\n\n - KVM: ARM: Add arm,gic-400 compatible support (bnc#902632).\n\n - KVM: ARM: Hack to enable VGIC mapping on 64k PAGE_SIZE kernels (bnc#902633).\n\n - Limit xgbe a0 driver to arm64\n\n - net/xgbe: Add A0 silicon support (bnc#902632).\n\n - of/pci: Add pci_get_new_domain_nr() and of_get_pci_domain_nr() (bnc#902632).\n\n - of/pci: Add pci_register_io_range() and pci_pio_to_address() (bnc#902632).\n\n - of/pci: Add support for parsing PCI host bridge resources from DT (bnc#902632).\n\n - of/pci: Fix the conversion of IO ranges into IO resources (bnc#902632).\n\n - of/pci: Move of_pci_range_to_resource() to of/address.c (bnc#902632).\n\n - parport: parport_pc, do not remove parent devices early (bnc#856659).\n\n - PCI: Add generic domain handling (bnc#902632).\n\n - PCI: Add pci_remap_iospace() to map bus I/O resources (bnc#902632).\n\n - PCI: xgene: Add APM X-Gene PCIe driver (bnc#902632).\n\n - power: reset: Add generic SYSCON register mapped reset (bnc#902632).\n\n - power: reset: Remove X-Gene reboot driver (bnc#902632).\n\n - quirk for Lenovo Yoga 3: no rfkill switch (bnc#904289).\n\n - reiserfs: destroy allocated commit workqueue.\n\n - rtc: ia64: allow other architectures to use EFI RTC (bnc#902632).\n\n - scripts/tags.sh: Do not specify kind-spec for emacs ctags/etags.\n\n - scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case.\n\n - tags.sh: Fixup regex definition for etags.\n\n - ttusb-dec: buffer overflow in ioctl (bnc#905739).\n\n - usb: Add support for Synopsis H20AHB EHCI host controller 
(bnc#902632).\n\n - usb: fix hcd h20ahb driver depends (bnc#902632).\n\n - usb: uvc: add a quirk for Dell XPS M1330 webcam (bnc#904539).\n\n - usb: uvc: Fix destruction order in uvc_delete() (bnc#897736).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Linux Kernel (openSUSE-SU-2014:1678-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7826", "CVE-2014-7841", "CVE-2014-8133", "CVE-2014-9090", "CVE-2014-9322"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2014-794.NASL", "href": 
"https://www.tenable.com/plugins/nessus/80153", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-794.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80153);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7826\", \"CVE-2014-7841\", \"CVE-2014-8133\", \"CVE-2014-9090\", \"CVE-2014-9322\");\n\n script_name(english:\"openSUSE Security Update : Linux Kernel (openSUSE-SU-2014:1678-1)\");\n script_summary(english:\"Check for the openSUSE-2014-794 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.2 kernel was updated to version 3.16.7.\n\nThese security issues were fixed :\n\n - CVE-2014-9322: A local privilege escalation in the\n x86_64 32bit compatibility signal handling was fixed,\n which could be used by local attackers to crash the\n machine or execute code. (bnc#910251)\n\n - CVE-2014-9090: The do_double_fault function in\n arch/x86/kernel/traps.c in the Linux kernel did not\n properly handle faults associated with the Stack Segment\n (SS) segment register, which allowed local users to\n cause a denial of service (panic) via a modify_ldt\n system call, as demonstrated by sigreturn_32 in the\n linux-clock-tests test suite. (bnc#907818)\n\n - CVE-2014-8133: Insufficient validation of TLS register\n usage could leak information from the kernel stack to\n userspace. 
(bnc#909077)\n\n - CVE-2014-3673: The SCTP implementation in the Linux\n kernel through 3.17.2 allowed remote attackers to cause\n a denial of service (system crash) via a malformed\n ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c (bnc#902346, bnc#902349).\n\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function\n in net/sctp/associola.c in the SCTP implementation in\n the Linux kernel through 3.17.2 allowed remote attackers\n to cause a denial of service (panic) via duplicate\n ASCONF chunks that triggered an incorrect uncork within\n the side-effect interpreter (bnc#902349).\n\n - CVE-2014-3688: The SCTP implementation in the Linux\n kernel before 3.17.4 allowed remote attackers to cause a\n denial of service (memory consumption) by triggering a\n large number of chunks in an association's output queue,\n as demonstrated by ASCONF probes, related to\n net/sctp/inqueue.c and net/sctp/sm_statefuns.c\n (bnc#902351).\n\n - CVE-2014-7826: kernel/trace/trace_syscalls.c in the\n Linux kernel through 3.17.2 did not properly handle\n private syscall numbers during use of the ftrace\n subsystem, which allowed local users to gain privileges\n or cause a denial of service (invalid pointer\n dereference) via a crafted application (bnc#904013).\n\n - CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in\n the Linux kernel before 3.17.4, when ASCONF is used,\n allowed remote attackers to cause a denial of service\n (NULL pointer dereference and system crash) via a\n malformed INIT chunk (bnc#905100).\n\nThese non-security issues were fixed :\n\n - ahci: Check and set 64-bit DMA mask for platform AHCI\n driver (bnc#902632).\n\n - ahci/xgene: Remove logic to set 64-bit DMA mask\n (bnc#902632).\n\n - ahci_xgene: Skip the PHY and clock initialization if\n already configured by the firmware (bnc#902632).\n\n - ALSA: hda - Add mute LED control for Lenovo Ideapad Z560\n (bnc#665315).\n\n - 
ALSA: hda/realtek - Add alc_update_coef*_idx() helper\n (bnc#905068).\n\n - ALSA: hda/realtek - Change EAPD to verb control\n (bnc#905068).\n\n - ALSA: hda/realtek - Optimize alc888_coef_init()\n (bnc#905068).\n\n - ALSA: hda/realtek - Restore default value for ALC668\n (bnc#905068).\n\n - ALSA: hda/realtek - Update Initial AMP for EAPD control\n (bnc#905068).\n\n - ALSA: hda/realtek - Update restore default value for\n ALC282 (bnc#905068).\n\n - ALSA: hda/realtek - Update restore default value for\n ALC283 (bnc#905068).\n\n - ALSA: hda/realtek - Use alc_write_coef_idx() in\n alc269_quanta_automake() (bnc#905068).\n\n - ALSA: hda/realtek - Use tables for batch COEF\n writes/updtes (bnc#905068).\n\n - ALSA: usb-audio: Do not resubmit pending URBs at MIDI\n error recovery.\n\n - arm64: Add architectural support for PCI (bnc#902632).\n\n - arm64: adjust el0_sync so that a function can be called\n (bnc#902632).\n\n - arm64: Do not call enable PCI resources when specify\n PCI_PROBE_ONLY (bnc#902632).\n\n - arm64: dts: Add X-Gene reboot driver dts node\n (bnc#902632).\n\n - arm64/efi: efistub: cover entire static mem footprint in\n PE/COFF .text (bnc#902632).\n\n - arm64/efi: efistub: do not abort if base of DRAM is\n occupied (bnc#902632).\n\n - arm64: fix bug for reloading FPSIMD state after cpu\n power off (bnc#902632).\n\n - arm64: fix VTTBR_BADDR_MASK (bnc#902632).\n\n - arm64: fpsimd: fix a typo in fpsimd_save_partial_state\n ENDPROC (bnc#902632).\n\n - arm64/mustang: Disable sgenet and xgenet (bnc#902632).\n\n - arm64: Select reboot driver for X-Gene platform\n (bnc#902632).\n\n - arm: Add APM Mustang network driver (bnc#902632).\n\n - arm/arm64: KVM: Fix and refactor unmap_range\n (bnc#902632).\n\n - arm: Define PCI_IOBASE as the base of virtual PCI IO\n space (bnc#902632).\n\n - asm-generic/io.h: Fix ioport_map() for\n !CONFIG_GENERIC_IOMAP (bnc#902632).\n\n - ax88179_178a: fix bonding failure (bsc#908253).\n\n - btrfs: Fix and enhance merge_extent_mapping() to 
insert\n best fitted extent map.\n\n - btrfs: fix crash of btrfs_release_extent_buffer_page.\n\n - btrfs: fix invalid leaf slot access in\n btrfs_lookup_extent().\n\n - btrfs: fix kfree on list_head in\n btrfs_lookup_csums_range error cleanup.\n\n - btrfs: fix lockups from btrfs_clear_path_blocking.\n\n - btrfs: fix race that makes btrfs_lookup_extent_info miss\n skinny extent items.\n\n - btrfs: Fix the wrong condition judgment about subset\n extent map.\n\n - btrfs: fix wrong accounting of raid1 data profile in\n statfs.\n\n - btrfs: send, do not delay dir move if there is a new\n parent inode.\n\n - config: armv7hl: Disable CONFIG_USB_MUSB_TUSB6010\n (bnc#906914).\n\n - cpufreq: arm_big_little: fix module license spec\n (bnc#902632).\n\n - Delete patches.rpmify/chipidea-clean-up-dependencies\n (bnc#903986).\n\n - Disable Exynos cpufreq modules.\n\n - drivers/net/fddi/skfp/h/skfbi.h: Remove useless\n PCI_BASE_2ND macros (bnc#902632).\n\n - drm/i915: Keep vblank interrupts enabled while\n enabling/disabling planes (bnc#904097).\n\n - drm: Implement O_NONBLOCK support on /dev/dri/cardN\n (bnc#904097).\n\n - drm/nv50/disp: fix dpms regression on certain boards\n (bnc#902728).\n\n - drm/radeon: add locking around atombios scratch space\n usage (bnc#904932).\n\n - drm/radeon: add missing crtc unlock when setting up the\n MC (bnc#904932).\n\n - drm/radeon/dpm: disable ulv support on SI (bnc#904932).\n\n - drm/radeon: fix endian swapping in vbios fetch for tdp\n table (bnc#904932).\n\n - drm/radeon: fix speaker allocation setup (bnc#904932).\n\n - drm/radeon: initialize sadb to NULL in the audio code\n (bnc#904932).\n\n - drm/radeon: make sure mode init is complete in\n bandwidth_update (bnc#904932).\n\n - drm/radeon: report disconnected for LVDS/eDP with PX if\n ddc fails (bnc#904417).\n\n - drm/radeon: set correct CE ram size for CIK\n (bnc#904932).\n\n - drm/radeon: Use drm_malloc_ab instead of kmalloc_array\n (bnc#904932).\n\n - drm/radeon: use gart for DMA IB tests 
(bnc#904932).\n\n - drm/radeon: use gart memory for DMA ring tests\n (bnc#904932).\n\n - drm/tilcdc: Fix the error path in tilcdc_load()\n (bko#86071).\n\n - hp_accel: Add support for HP ZBook 15 (bnc#905329).\n\n - ideapad-laptop: Change Lenovo Yoga 2 series rfkill\n handling (bnc#904289).\n\n - Input: i8042 - also set the firmware id for MUXed ports\n (bnc#897112).\n\n - Input: psmouse - add psmouse_matches_pnp_id helper\n function (bnc#897112).\n\n - Input: psmouse - add support for detecting FocalTech\n PS/2 touchpads (bnc#897112).\n\n - Input: synaptics - add min/max quirk for Lenovo T440s\n (bnc#903748).\n\n - irqchip: gic: preserve gic V2 bypass bits in cpu ctrl\n register (bnc#902632).\n\n - iwlwifi: dvm: drop non VO frames when flushing\n (bnc#900786).\n\n - KEYS: Allow special keys (eg. DNS results) to be\n invalidated by CAP_SYS_ADMIN (bnc#904717).\n\n - KEYS: Fix stale key registration at error path\n (bnc#908163).\n\n - KEYS: Fix the size of the key description passed to/from\n userspace (bnc#904717).\n\n - KEYS: Increase root_maxkeys and root_maxbytes sizes\n (bnc#904717).\n\n - KEYS: request_key() should reget expired keys rather\n than give EKEYEXPIRED (bnc#904717).\n\n - KEYS: Simplify KEYRING_SEARCH_(NO,DO)_STATE_CHECK flags\n (bnc#904717).\n\n - KVM: ARM: Add arm,gic-400 compatible support\n (bnc#902632).\n\n - KVM: ARM: Hack to enable VGIC mapping on 64k PAGE_SIZE\n kernels (bnc#902633).\n\n - Limit xgbe a0 driver to arm64\n\n - net/xgbe: Add A0 silicon support (bnc#902632).\n\n - of/pci: Add pci_get_new_domain_nr() and\n of_get_pci_domain_nr() (bnc#902632).\n\n - of/pci: Add pci_register_io_range() and\n pci_pio_to_address() (bnc#902632).\n\n - of/pci: Add support for parsing PCI host bridge\n resources from DT (bnc#902632).\n\n - of/pci: Fix the conversion of IO ranges into IO\n resources (bnc#902632).\n\n - of/pci: Move of_pci_range_to_resource() to of/address.c\n (bnc#902632).\n\n - parport: parport_pc, do not remove parent devices early\n 
(bnc#856659).\n\n - PCI: Add generic domain handling (bnc#902632).\n\n - PCI: Add pci_remap_iospace() to map bus I/O resources\n (bnc#902632).\n\n - PCI: xgene: Add APM X-Gene PCIe driver (bnc#902632).\n\n - power: reset: Add generic SYSCON register mapped reset\n (bnc#902632).\n\n - power: reset: Remove X-Gene reboot driver (bnc#902632).\n\n - quirk for Lenovo Yoga 3: no rfkill switch (bnc#904289).\n\n - reiserfs: destroy allocated commit workqueue.\n\n - rtc: ia64: allow other architectures to use EFI RTC\n (bnc#902632).\n\n - scripts/tags.sh: Do not specify kind-spec for emacs\n ctags/etags.\n\n - scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case.\n\n - tags.sh: Fixup regex definition for etags.\n\n - ttusb-dec: buffer overflow in ioctl (bnc#905739).\n\n - usb: Add support for Synopsis H20AHB EHCI host\n controller (bnc#902632).\n\n - usb: fix hcd h20ahb driver depends (bnc#902632).\n\n - usb: uvc: add a quirk for Dell XPS M1330 webcam\n (bnc#904539).\n\n - usb: uvc: Fix destruction order in uvc_delete()\n (bnc#897736).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=665315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=856659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=897112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=897736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=900786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=902728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=903748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=903986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905739\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-macros-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-3.16.7-7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-debugsource-3.16.7-7.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-3.16.7-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-xen-3.16.7-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-vanilla-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-syms-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", 
reference:\"kernel-debug-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", 
reference:\"kernel-vanilla-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", 
reference:\"kernel-desktop-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
cpu:\"x86_64\", reference:\"kernel-xen-base-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.16.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.16.7-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:42:20", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private syscall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nA NULL pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. 
A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2443-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7825", "CVE-2014-7826", 
"CVE-2014-7841", "CVE-2014-8134", "CVE-2014-8884", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2443-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2443-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80030);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7841\", \"CVE-2014-8134\", \"CVE-2014-8884\", \"CVE-2014-9090\");\n script_bugtraq_id(70971, 70972, 71081, 71097, 71250);\n script_xref(name:\"USN\", value:\"2443-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2443-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. 
(CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace\nsubsystem of the Linux kernel does not properly handle private syscall\nnumbers. A local user could exploit this flaw to cause a denial of\nservice (OOPS). (CVE-2014-7826)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in\nhow the perf subsystem of the Linux kernel handles private syscall\nnumbers. A local user could exploit this to cause a denial of service\n(OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nA NULL pointer dereference flaw was discovered in the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly\nhandle faults associated with the Stack Segment (SS) register on the\nx86 architecture. A local attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2443-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7841\", \"CVE-2014-8134\", \"CVE-2014-8884\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2443-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-74-generic\", pkgver:\"3.2.0-74.109\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-74-generic-pae\", pkgver:\"3.2.0-74.109\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-74-highbank\", pkgver:\"3.2.0-74.109\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-74-virtual\", pkgver:\"3.2.0-74.109\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:30:13", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation :\n\n - CVE-2014-7841 Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will panic on malformed INIT chunks by triggering a NULL pointer dereference.\n\n - CVE-2014-8369 A flaw was discovered in the way iommu mapping failures were handled in the kvm_iommu_map_pages() function in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS.\n\n - CVE-2014-8884 A stack-based buffer overflow flaw was discovered in the TechnoTrend/Hauppauge DEC USB driver. 
A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges.\n\n - CVE-2014-9090 Andy Lutomirski discovered that the do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-09T00:00:00", "type": "nessus", "title": "Debian DSA-3093-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-8369", "CVE-2014-8884", "CVE-2014-9090"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3093.NASL", "href": "https://www.tenable.com/plugins/nessus/79807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3093. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79807);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-8369\", \"CVE-2014-8884\", \"CVE-2014-9090\");\n script_bugtraq_id(70749, 71081, 71097, 71250);\n script_xref(name:\"DSA\", value:\"3093\");\n\n script_name(english:\"Debian DSA-3093-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation :\n\n - CVE-2014-7841\n Liu Wei of Red Hat discovered that a SCTP server doing\n ASCONF will panic on malformed INIT chunks by triggering\n a NULL pointer dereference.\n\n - CVE-2014-8369\n A flaw was discovered in the way iommu mapping failures\n were handled in the kvm_iommu_map_pages() function in\n the Linux kernel. A guest OS user could exploit this\n flaw to cause a denial of service (host OS memory\n corruption) or possibly have other unspecified impact on\n the host OS.\n\n - CVE-2014-8884\n A stack-based buffer overflow flaw was discovered in the\n TechnoTrend/Hauppauge DEC USB driver. 
A local user with\n write access to the corresponding device could use this\n flaw to crash the kernel or, potentially, elevate their\n privileges.\n\n - CVE-2014-9090\n Andy Lutomirski discovered that the do_double_fault\n function in arch/x86/kernel/traps.c in the Linux kernel\n did not properly handle faults associated with the Stack\n Segment (SS) segment register, which allows local users\n to cause a denial of service (panic).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-7841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3093\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.63-2+deb7u2. 
This update also includes fixes for\nregressions introduced by previous updates.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.63-2+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-02-21T16:41:50", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. 
A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell King discovered a flaw in how the perf subsystem of the Linux kernel handles private syscall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop).\n(CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2447-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-8086", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2447-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2447-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80033);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7970\", \"CVE-2014-8086\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n script_bugtraq_id(70319, 70376, 70749, 70766, 70768, 70883, 70971, 70972, 71250);\n script_xref(name:\"USN\", value:\"2447-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2447-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace\nsubsystem of the Linux kernel does not properly handle private syscall\nnumbers. A local user could exploit this flaw to cause a denial of\nservice (OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (system crash). 
(CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control\nTransmission Protocol) implementation in the Linux kernel can cause\nmemory pressure. A remote attacker could exploit this flaw to cause a\ndenial of service. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell King discovered a flaw in\nhow the perf subsystem of the Linux kernel handles private syscall\nnumbers. A local user could exploit this to cause a denial of service\n(OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles\npivot_root when used with a chroot directory. A local user could\nexploit this flaw to cause a denial of service (mount-tree loop).\n(CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the\next4_file_write_iter function of the Linux kernel's ext4 filesystem. A\nlocal user could exploit this flaw to cause a denial of service (file\nunavailability). (CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel\nmiscalculates the number of memory pages during the handling of a\nmapping failure. A guest OS user could exploit this to cause a denial\nof service (host OS page unpinning) or possibly have unspecified other\nimpact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly\nhandle faults associated with the Stack Segment (SS) register on the\nx86 architecture. A local attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2447-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7970\", \"CVE-2014-8086\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2447-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-28-generic\", pkgver:\"3.16.0-28.37~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-28-generic-lpae\", pkgver:\"3.16.0-28.37~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-28-lowlatency\", pkgver:\"3.16.0-28.37~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n 
 tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:41:38", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell King discovered a flaw in how the perf subsystem of the Linux kernel handles private syscall numbers. 
A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop).\n(CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.10 : linux vulnerabilities (USN-2448-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-8086", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2448-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2448-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80034);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7970\", \"CVE-2014-8086\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n script_bugtraq_id(70319, 70376, 70749, 70766, 70768, 70883, 70971, 70972, 71250);\n script_xref(name:\"USN\", value:\"2448-1\");\n\n script_name(english:\"Ubuntu 14.10 : linux vulnerabilities (USN-2448-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace\nsubsystem of the Linux kernel does not properly handle private syscall\nnumbers. A local user could exploit this flaw to cause a denial of\nservice (OOPS). (CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (system crash). 
(CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux kernel was\ndiscovered. A remote attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control\nTransmission Protocol) implementation in the Linux kernel can cause\nmemory pressure. A remote attacker could exploit this flaw to cause a\ndenial of service. (CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell King discovered a flaw in\nhow the perf subsystem of the Linux kernel handles private syscall\nnumbers. A local user could exploit this to cause a denial of service\n(OOPS) or bypass ASLR protections via a crafted application.\n(CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles\npivot_root when used with a chroot directory. A local user could\nexploit this flaw to cause a denial of service (mount-tree loop).\n(CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the\next4_file_write_iter function of the Linux kernel's ext4 filesystem. A\nlocal user could exploit this flaw to cause a denial of service (file\nunavailability). (CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel\nmiscalculates the number of memory pages during the handling of a\nmapping failure. A guest OS user could exploit this to cause a denial\nof service (host OS page unpinning) or possibly have unspecified other\nimpact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly\nhandle faults associated with the Stack Segment (SS) register on the\nx86 architecture. A local attacker could exploit this flaw to cause a\ndenial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2448-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7970\", \"CVE-2014-8086\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2448-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-28-generic\", pkgver:\"3.16.0-28.37\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-28-generic-lpae\", pkgver:\"3.16.0-28.37\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-28-lowlatency\", pkgver:\"3.16.0-28.37\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:42:20", "description": "USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nAn information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS).\n(CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic).\n(CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service.\n(CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. 
A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Ubuntu 14.10 : linux regression (USN-2448-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-8086", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2448-2.NASL", "href": "https://www.tenable.com/plugins/nessus/80168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2448-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80168);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7970\", \"CVE-2014-8086\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n script_bugtraq_id(70319, 70376, 70749, 70766, 70768, 70883, 70971, 70972, 71250, 71650);\n script_xref(name:\"USN\", value:\"2448-2\");\n\n script_name(english:\"Ubuntu 14.10 : linux regression (USN-2448-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an\nunrelated regression TCP Throughput drops to zero for several drivers\nafter upgrading. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nAn information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that\nthe ftrace subsystem of the Linux kernel does not properly\nhandle private syscall numbers. A local user could exploit\nthis flaw to cause a denial of service (OOPS).\n(CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP\n(Stream Control Transmission Protocol) implementation in the\nLinux kernel was discovered. 
A remote attacker could exploit\nthis flaw to cause a denial of service (system crash).\n(CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP\n(Stream Control Transmission Protocol) implementation in the\nLinux kernel was discovered. A remote attacker could exploit\nthis flaw to cause a denial of service (panic).\n(CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux\nkernel can cause memory pressure. A remote attacker could\nexploit this flaw to cause a denial of service.\n(CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a\nflaw in how the perf subsystem of the Linux kernel handles\nprivate systecall numbers. A local user could exploit this\nto cause a denial of service (OOPS) or bypass ASLR\nprotections via a crafted application. (CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel\nhandles pivot_root when used with a chroot directory. A\nlocal user could exploit this flaw to cause a denial of\nservice (mount-tree loop). (CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the\next4_file_write_iter function of the Linux kernel's ext4\nfilesystem. A local user could exploit this flaw to cause a\ndenial of service (file unavailability). (CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux\nkernel miscalculates the number of memory pages during the\nhandling of a mapping failure. A guest OS user could exploit\nthis to cause a denial of service (host OS page unpinning)\nor possibly have unspecified other impact by leveraging\nguest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not\nproperly handle faults associated with the Stack Segment\n(SS) register on the x86 architecture. A local attacker\ncould exploit this flaw to cause a denial of service\n(panic). 
(CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2448-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7970\", \"CVE-2014-8086\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2448-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-28-generic\", pkgver:\"3.16.0-28.38\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-28-generic-lpae\", pkgver:\"3.16.0-28.38\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-28-lowlatency\", pkgver:\"3.16.0-28.38\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:41:38", "description": "USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nAn information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS).\n(CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic).\n(CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service.\n(CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. 
A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic regression (USN-2447-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-8086", "CVE-2014-8134", "CVE-2014-8369", "CVE-2014-9090"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2447-2.NASL", "href": "https://www.tenable.com/plugins/nessus/80167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2447-2. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80167);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7970\", \"CVE-2014-8086\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n script_bugtraq_id(70319, 70376, 70749, 70766, 70768, 70883, 70971, 70972, 71250, 71650);\n script_xref(name:\"USN\", value:\"2447-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic regression (USN-2447-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an\nunrelated regression TCP Throughput drops to zero for several drivers\nafter upgrading. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nAn information leak in the Linux kernel was discovered that could leak\nthe high 16 bits of the kernel stack address on 32-bit Kernel Virtual\nMachine (KVM) paravirt guests. A user in the guest OS could exploit\nthis leak to obtain information that could potentially be used to aid\nin attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that\nthe ftrace subsystem of the Linux kernel does not properly\nhandle private syscall numbers. A local user could exploit\nthis flaw to cause a denial of service (OOPS).\n(CVE-2014-7826)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP\n(Stream Control Transmission Protocol) implementation in the\nLinux kernel was discovered. 
A remote attacker could exploit\nthis flaw to cause a denial of service (system crash).\n(CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP\n(Stream Control Transmission Protocol) implementation in the\nLinux kernel was discovered. A remote attacker could exploit\nthis flaw to cause a denial of service (panic).\n(CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream\nControl Transmission Protocol) implementation in the Linux\nkernel can cause memory pressure. A remote attacker could\nexploit this flaw to cause a denial of service.\n(CVE-2014-3688)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a\nflaw in how the perf subsystem of the Linux kernel handles\nprivate systecall numbers. A local user could exploit this\nto cause a denial of service (OOPS) or bypass ASLR\nprotections via a crafted application. (CVE-2014-7825)\n\nAndy Lutomirski discovered a flaw in how the Linux kernel\nhandles pivot_root when used with a chroot directory. A\nlocal user could exploit this flaw to cause a denial of\nservice (mount-tree loop). (CVE-2014-7970)\n\nDmitry Monakhov discovered a race condition in the\next4_file_write_iter function of the Linux kernel's ext4\nfilesystem. A local user could exploit this flaw to cause a\ndenial of service (file unavailability). (CVE-2014-8086)\n\nThe KVM (kernel virtual machine) subsystem of the Linux\nkernel miscalculates the number of memory pages during the\nhandling of a mapping failure. A guest OS user could exploit\nthis to cause a denial of service (host OS page unpinning)\nor possibly have unspecified other impact by leveraging\nguest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not\nproperly handle faults associated with the Stack Segment\n(SS) register on the x86 architecture. A local attacker\ncould exploit this flaw to cause a denial of service\n(panic). 
(CVE-2014-9090).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2447-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7970\", \"CVE-2014-8086\", \"CVE-2014-8134\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2447-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-28-generic\", pkgver:\"3.16.0-28.38~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-28-generic-lpae\", pkgver:\"3.16.0-28.38~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-28-lowlatency\", pkgver:\"3.16.0-28.38~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n 
tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:42:03", "description": "CVE-2014-3673 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.\n\nCVE-2014-3687 The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-12-16T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel SCTP vulnerabilities (K15910)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687"], "modified": 
"2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL15910.NASL", "href": "https://www.tenable.com/plugins/nessus/80038", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15910.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80038);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\");\n script_bugtraq_id(70766, 70883);\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel SCTP vulnerabilities (K15910)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"CVE-2014-3673 The SCTP implementation in the Linux kernel through\n3.17.2 allows remote attackers to cause a denial of service (system\ncrash) via a malformed ASCONF chunk, related to\nnet/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.\n\nCVE-2014-3687 The sctp_assoc_lookup_asconf_ack function in\nnet/sctp/associola.c in the SCTP implementation in the Linux kernel\nthrough 3.17.2 allows remote attackers to cause a denial of service\n(panic) via 
duplicate ASCONF chunks that trigger an incorrect uncork\nwithin the side-effect interpreter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15910\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15910.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15910\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\",\"10.0.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.0.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.0.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\",\"10.0.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.1.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.0.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = 
make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.1.0-11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.0.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.1.0-11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.0.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:40:36", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3088 advisory.\n\n - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. (CVE-2014-3687)\n\n - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. 
(CVE-2014-3673)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-11-14T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3088)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2014-3088.NASL", "href": "https://www.tenable.com/plugins/nessus/79243", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3088.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(79243);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\");\n script_bugtraq_id(70766, 70883);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3088)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2014-3088 advisory.\n\n - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux\n kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF\n chunks that trigger an incorrect uncork within the side-effect interpreter. (CVE-2014-3687)\n\n - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of\n service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c. 
(CVE-2014-3673)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2014-3088.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3687\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.215.13.el5uek', '2.6.39-400.215.13.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-3088');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.215.13.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.215.13.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.215.13.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.215.13.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.215.13.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.215.13.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.215.13.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.215.13.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.215.13.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.215.13.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.215.13.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.215.13.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.215.13.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.215.13.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.215.13.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n 
{'reference':'kernel-uek-debug-devel-2.6.39-400.215.13.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.215.13.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.215.13.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.215.13.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.215.13.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, 
reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:40:41", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3089 advisory.\n\n - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. (CVE-2014-3687)\n\n - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. 
(CVE-2014-3673)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-11-19T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3089)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.11.el5uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.11.el5uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.11.el6uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.11.el6uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.11.el5uek", 
"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.11.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.11.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.11.el6uekdebug"], "id": "ORACLELINUX_ELSA-2014-3089.NASL", "href": "https://www.tenable.com/plugins/nessus/79325", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3089.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79325);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\");\n script_bugtraq_id(70766, 70883);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3089)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2014-3089 advisory.\n\n - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux\n kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF\n chunks that trigger an incorrect uncork within the side-effect interpreter. (CVE-2014-3687)\n\n - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of\n service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c. 
(CVE-2014-3673)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2014-3089.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3687\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.11.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.11.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.11.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.11.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.11.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.11.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.11.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.11.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-400.36.11.el5uek', '2.6.32-400.36.11.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-3089');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum 
fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-400.36.11.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-400.36.11.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.11.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.11.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.11.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.11.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.11.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.11.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-400.36.11.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-400.36.11.el5uek', 'release':'5', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-400.36.11.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-400.36.11.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'mlnx_en-2.6.32-400.36.11.el5uek-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.11.el5uek-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.11.el5uekdebug-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.11.el5uekdebug-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.11.el5uek-1.5.1-4.0.58', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.11.el5uek-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.11.el5uekdebug-1.5.1-4.0.58', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.11.el5uekdebug-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-400.36.11.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-400.36.11.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.11.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.11.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n 
{'reference':'kernel-uek-debug-devel-2.6.32-400.36.11.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.11.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.11.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.11.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-400.36.11.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-400.36.11.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-400.36.11.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-400.36.11.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'mlnx_en-2.6.32-400.36.11.el6uek-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.11.el6uek-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.11.el6uekdebug-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.11.el6uekdebug-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.11.el6uek-1.5.1-4.0.58', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.11.el6uek-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'ofa-2.6.32-400.36.11.el6uekdebug-1.5.1-4.0.58', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.11.el6uekdebug-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:40:07", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3087 advisory.\n\n - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. (CVE-2014-3687)\n\n - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. (CVE-2014-3673)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-11-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3087)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-44.1.5.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-44.1.5.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2014-3087.NASL", "href": "https://www.tenable.com/plugins/nessus/79242", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3087.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79242);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\");\n script_bugtraq_id(70766, 70883);\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3087)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2014-3087 advisory.\n\n - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux\n kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF\n chunks that trigger an incorrect uncork within the 
side-effect interpreter. (CVE-2014-3687)\n\n - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of\n service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c. (CVE-2014-3673)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2014-3087.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3687\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-44.1.5.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-44.1.5.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-44.1.5.el6uek', '3.8.13-44.1.5.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-3087');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-44.1.5.el6uek-0.4.3-4.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-44.1.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-44.1.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-44.1.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-44.1.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-44.1.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-44.1.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-44.1.5.el7uek-0.4.3-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-44.1.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-44.1.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-44.1.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-44.1.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-44.1.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-44.1.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) 
reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-44.1.5.el6uek / dtrace-modules-3.8.13-44.1.5.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:39:10", "description": "CVE fixes in KVM, ext4, and SCTP.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-10-29T00:00:00", "type": "nessus", "title": "Fedora 20 : kernel-3.16.6-202.fc20 (2014-13558)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-8086"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-13558.NASL", "href": "https://www.tenable.com/plugins/nessus/78715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-13558.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78715);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-3690\", 
\"CVE-2014-8086\");\n script_bugtraq_id(70376, 70691, 70883);\n script_xref(name:\"FEDORA\", value:\"2014-13558\");\n\n script_name(english:\"Fedora 20 : kernel-3.16.6-202.fc20 (2014-13558)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE fixes in KVM, ext4, and SCTP.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1147850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1151353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1155731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1155745\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141471.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ae20aa0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"kernel-3.16.6-202.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T14:26:34", "description": "Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. 
A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\n* A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate)\n\n* An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low)\n\nRed Hat would like to thank Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608. The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes is available from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-01-21T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2015:0062)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-4608", "CVE-2014-5045"], "modified": "2020-08-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", 
"p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2015-0062.NASL", "href": "https://www.tenable.com/plugins/nessus/80878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0062. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80878);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/11\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-4608\", \"CVE-2014-5045\");\n script_xref(name:\"RHSA\", value:\"2015:0062\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2015:0062)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 6.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled malformed or duplicate Address Configuration Change Chunks\n(ASCONF). A remote attacker could use either of these flaws to crash\nthe system. (CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled the association's output queue. A remote attacker could send\nspecially crafted packets that would cause the system to use an\nexcessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\n* A flaw was found in the way the Linux kernel's VFS subsystem handled\nreference counting when performing unmount operations on symbolic\nlinks. A local, unprivileged user could use this flaw to exhaust all\navailable memory on the system or, potentially, trigger a\nuse-after-free error, resulting in a system crash or privilege\nescalation. (CVE-2014-5045, Moderate)\n\n* An integer overflow flaw was found in the way the\nlzo1x_decompress_safe() function of the Linux kernel's LZO\nimplementation processed Literal Runs. A local attacker could, in\nextremely rare cases, use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-4608,\nLow)\n\nRed Hat would like to thank Vasily Averin of Parallels for reporting\nCVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting\nCVE-2014-4608. 
The CVE-2014-3673 issue was discovered by Liu Wei of\nRed Hat.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. The system must be rebooted for this update to take\neffect.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-5045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3688\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-4608\", \"CVE-2014-5045\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:0062\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0062\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"kernel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-abi-whitelists-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-431.46.2.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-431.46.2.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-doc-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-firmware-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"perf-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"perf-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"python-perf-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"python-perf-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
sp:\"5\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-431.46.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-14T14:15:32", "description": "The 3.14.27 stable update contains a number of important fixes across the tree.\\nThe 3.14.26 update contains a number of important fixes across the tree\\nThe 3.14.25 stable update contains a number of important fixes across the tree.\\nThe 3.14.24 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-01-06T00:00:00", "type": "nessus", "title": "Fedora 19 : kernel-3.14.27-100.fc19 (2014-17244)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5313", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7841", "CVE-2014-7842", "CVE-2014-8134", "CVE-2014-9090"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-17244.NASL", "href": "https://www.tenable.com/plugins/nessus/80376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17244.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80376);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-5313\", \"CVE-2014-7825\", 
\"CVE-2014-7826\", \"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-8134\", \"CVE-2014-9090\");\n script_bugtraq_id(70971, 70972, 71078, 71081, 71250, 71363, 71650);\n script_xref(name:\"FEDORA\", value:\"2014-17244\");\n\n script_name(english:\"Fedora 19 : kernel-3.14.27-100.fc19 (2014-17244)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.14.27 stable update contains a number of important fixes across\nthe tree.\\nThe 3.14.26 update contains a number of important fixes\nacross the tree\\nThe 3.14.25 stable update contains a number of\nimportant fixes across the tree.\\nThe 3.14.24 stable update contains a\nnumber of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1161565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1170691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1172765\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147478.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6701e6ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kernel-3.14.27-100.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-02T14:15:47", "description": "A NULL pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. 
A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-01-14T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2467-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7842", "CVE-2014-7843", "CVE-2014-8884"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2467-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80514", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2467-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80514);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_bugtraq_id(71078, 71081, 71082, 71097);\n script_xref(name:\"USN\", value:\"2467-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2467-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was discovered in the the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a\nsingle byte overflow in __clear_user. A local user could exploit this\nflaw to cause a denial of service (system crash) by reading one byte\nbeyond a /dev/zero page boundary. 
(CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2467-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2467-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-29-generic\", pkgver:\"3.16.0-29.39~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-29-generic-lpae\", pkgver:\"3.16.0-29.39~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-29-lowlatency\", pkgver:\"3.16.0-29.39~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-02-02T14:15:47", "description": "A NULL pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-01-14T00:00:00", "type": "nessus", "title": "Ubuntu 14.10 : linux vulnerabilities (USN-2468-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7842", "CVE-2014-7843", "CVE-2014-8884"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2468-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2468-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80515);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_bugtraq_id(71078, 71081, 71082, 71097);\n script_xref(name:\"USN\", value:\"2468-1\");\n\n script_name(english:\"Ubuntu 14.10 : linux vulnerabilities (USN-2468-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was discovered in the the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a\nsingle byte overflow in __clear_user. A local user could exploit this\nflaw to cause a denial of service (system crash) by reading one byte\nbeyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. 
(CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2468-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2468-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-29-generic\", pkgver:\"3.16.0-29.39\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-29-generic-lpae\", pkgver:\"3.16.0-29.39\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-29-lowlatency\", pkgver:\"3.16.0-29.39\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-02-02T14:15:25", "description": "A NULL pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-01-14T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2466-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7842", "CVE-2014-7843", "CVE-2014-8884"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2466-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80513", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2466-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80513);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_bugtraq_id(71078, 71081, 71082, 71097);\n script_xref(name:\"USN\", value:\"2466-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2466-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was discovered in the the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a\nsingle byte overflow in __clear_user. A local user could exploit this\nflaw to cause a denial of service (system crash) by reading one byte\nbeyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. 
(CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2466-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2466-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-44-generic\", pkgver:\"3.13.0-44.73\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-44-generic-lpae\", pkgver:\"3.13.0-44.73\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-44-lowlatency\", pkgver:\"3.13.0-44.73\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-02-02T14:15:47", "description": "A NULL pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-01-14T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2465-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7842", "CVE-2014-7843", "CVE-2014-8884"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2465-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2465-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80512);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_bugtraq_id(71078, 71081, 71082, 71097);\n script_xref(name:\"USN\", value:\"2465-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2465-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was discovered in the the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a\nsingle byte overflow in __clear_user. A local user could exploit this\nflaw to cause a denial of service (system crash) by reading one byte\nbeyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. 
(CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2465-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2465-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-44-generic\", pkgver:\"3.13.0-44.73~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-44-generic-lpae\", pkgver:\"3.13.0-44.73~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 6.1, "vector": 
"AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-18T14:41:49", "description": "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.\n(CVE-2014-7841)\n\nThe pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. (CVE-2014-7970)\n\nThe do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.\n(CVE-2014-9090)\n\nA flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. 
A local, unprivileged user could use this flaw to escalate their privileges on the system.\n(CVE-2014-9322)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-05T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2014-455)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841", "CVE-2014-7970", "CVE-2014-9090", "CVE-2014-9322"], "modified": "2020-08-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-455.NASL", "href": "https://www.tenable.com/plugins/nessus/79725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-455.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79725);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7970\", \"CVE-2014-9090\", \"CVE-2014-9322\");\n script_xref(name:\"ALAS\", value:\"2014-455\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2014-455)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The sctp_process_param function in net/sctp/sm_make_chunk.c in the\nSCTP implementation in the Linux kernel before 3.17.4, when ASCONF is\nused, allows remote attackers to cause a denial of service (NULL\npointer dereference and system crash) via a malformed INIT chunk.\n(CVE-2014-7841)\n\nThe pivot_root implementation in fs/namespace.c in the Linux kernel\nthrough 3.17 does not properly interact with certain locations of a\nchroot directory, which allows local users to cause a denial of\nservice (mount-tree loop) via . (dot) values in both arguments to the\npivot_root system call. (CVE-2014-7970)\n\nThe do_double_fault function in arch/x86/kernel/traps.c in the Linux\nkernel through 3.17.4 does not properly handle faults associated with\nthe Stack Segment (SS) segment register, which allows local users to\ncause a denial of service (panic) via a modify_ldt system call, as\ndemonstrated by sigreturn_32 in the linux-clock-tests test suite.\n(CVE-2014-9090)\n\nA flaw was found in the way the Linux kernel handled GS segment\nregister base switching when recovering from a #SS (stack segment)\nfault on an erroneous return to user space. 
A local, unprivileged user\ncould use this flaw to escalate their privileges on the system.\n(CVE-2014-9322)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-455.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Run 'yum clean all' followed by 'yum update kernel' to update your\nsystem. You will need to reboot your system in order for the new\nkernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/13\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-3.14.26-24.46.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"kernel-headers-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-3.14.26-24.46.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-3.14.26-24.46.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:44:02", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive various security and bugfixes.\n\nThis update contains the following feature enablements :\n\n - The remote block device (rbd) and ceph drivers have been enabled and are now supported. (FATE#318350) These can be used e.g. 
for accessing the SUSE Enterprise Storage product services.\n\n - Support for Intel Select Bay trail CPUs has been added.\n (FATE#316038)\n\nFollowing security issues were fixed :\n\n - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 did not ensure that Thread Local Storage (TLS) descriptors were loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (bnc#911326).\n\n - CVE-2014-7822: A flaw was found in the way the Linux kernels splice() system call validated its parameters.\n On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system.\n\n - CVE-2014-8160: The connection tracking module could be bypassed if a specific protocol module was not loaded, e.g. allowing SCTP traffic while the firewall should have filtered it.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0529-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3673", "CVE-2014-3687", "CVE-2014-7822", "CVE-2014-7841", "CVE-2014-8160", "CVE-2014-8559", "CVE-2014-9419", "CVE-2014-9584"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", 
"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-0529-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0529-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83702);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-7822\", \"CVE-2014-7841\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-9419\", \"CVE-2014-9584\");\n script_bugtraq_id(70766, 70854, 70883, 71081, 71794, 71883, 72061, 72347);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0529-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive\nvarious security and bugfixes.\n\nThis update contains the following feature enablements :\n\n - The remote block device (rbd) and ceph drivers have been\n enabled and are now supported. (FATE#318350) These can\n be used e.g. 
for accessing the SUSE Enterprise Storage\n product services.\n\n - Support for Intel Select Bay trail CPUs has been added.\n (FATE#316038)\n\nFollowing security issues were fixed :\n\n - CVE-2014-9419: The __switch_to function in\n arch/x86/kernel/process_64.c in the Linux kernel through\n 3.18.1 did not ensure that Thread Local Storage (TLS)\n descriptors were loaded before proceeding with other\n steps, which made it easier for local users to bypass\n the ASLR protection mechanism via a crafted application\n that reads a TLS base address (bnc#911326).\n\n - CVE-2014-7822: A flaw was found in the way the Linux\n kernels splice() system call validated its parameters.\n On certain file systems, a local, unprivileged user\n could have used this flaw to write past the maximum file\n size, and thus crash the system.\n\n - CVE-2014-8160: The connection tracking module could be\n bypassed if a specific protocol module was not loaded,\n e.g. allowing SCTP traffic while the firewall should\n have filtered it.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal\n function in fs/isofs/rock.c in the Linux kernel before\n 3.18.2 did not validate a length value in the Extensions\n Reference (ER) System Use Field, which allowed local\n users to obtain sensitive information from kernel memory\n via a crafted iso9660 image (bnc#912654).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=799216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=800255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=860346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=875220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=877456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=896484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904177\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911326\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=915454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3687/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7841/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8160/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8559/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-9419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9584/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150529-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75cca7a0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-130=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-130=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-130=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-130=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2015-130=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-130=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", 
reference:\"kernel-default-debugsource-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.38-44.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.38-44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:41:37", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.\n(CVE-2014-9322, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\n* A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)\n\n* It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. 
(CVE-2012-6657, Low)\n\n* It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags.\nAn attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.\n\nBug fixes :\n\n* This update fixes a race condition issue between the sock_queue_err_skb function and sk_forward_alloc handling in the socket error queue (MSG_ERRQUEUE), which could occasionally cause the kernel, for example when using PTP, to incorrectly track allocated memory for the error queue, in which case a traceback would occur in the system log. (BZ#1155427)\n\n* The zcrypt device driver did not detect certain crypto cards and the related domains for crypto adapters on System z and s390x architectures. Consequently, it was not possible to run the system on new crypto hardware. This update enables toleration mode for such devices so that the system can make use of newer crypto hardware.\n(BZ#1158311)\n\n* After mounting and unmounting an XFS file system several times consecutively, the umount command occasionally became unresponsive.\nThis was caused by the xlog_cil_force_lsn() function that was not waiting for completion as expected. With this update, xlog_cil_force_lsn() has been modified to correctly wait for completion, thus fixing this bug. (BZ#1158325)\n\n* When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec variables set to 0, transmit interrupts could not be set lower than the default of 8 buffered tx frames. Consequently, a delay of TCP transfer occurred. The restriction of a minimum of 8 buffered frames has been removed, and the TCP delay no longer occurs. 
(BZ#1158326)\n\n* The offb driver has been updated for the QEMU standard VGA adapter, fixing an incorrect displaying of colors issue. (BZ#1158328)\n\n* Under certain circumstances, when a discovered MTU expired, the IPv6 connection became unavailable for a short period of time. This bug has been fixed, and the connection now works as expected. (BZ#1161418)\n\n* A low throughput occurred when using the dm-thin driver to write to unprovisioned or shared chunks for a thin pool with the chunk size bigger than the max_sectors_kb variable. (BZ#1161420)\n\n* Large write workloads on thin LVs could cause the iozone and smallfile utilities to terminate unexpectedly. (BZ#1161421)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-17T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2014:1997)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6657", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-9322"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", 
"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2014-1997.NASL", "href": "https://www.tenable.com/plugins/nessus/80072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1997. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80072);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6657\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-5471\", \"CVE-2014-5472\", \"CVE-2014-6410\", \"CVE-2014-9322\");\n script_bugtraq_id(69396, 69428, 69799, 69803, 70766, 70768, 70883, 71685);\n script_xref(name:\"RHSA\", value:\"2014:1997\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2014:1997)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel handled GS segment\nregister base switching when recovering from a #SS (stack segment)\nfault on an erroneous return to user space. A local, unprivileged user\ncould use this flaw to escalate their privileges on the system.\n(CVE-2014-9322, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled malformed or duplicate Address Configuration Change Chunks\n(ASCONF). A remote attacker could use either of these flaws to crash\nthe system. 
(CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled the association's output queue. A remote attacker could send\nspecially crafted packets that would cause the system to use an\nexcessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\n* A stack overflow flaw caused by infinite recursion was found in the\nway the Linux kernel's UDF file system implementation processed\nindirect ICBs. An attacker with physical access to the system could\nuse a specially crafted UDF image to crash the system. (CVE-2014-6410,\nLow)\n\n* It was found that the Linux kernel's networking implementation did\nnot correctly handle the setting of the keepalive socket option on raw\nsockets. A local user able to create a raw socket could use this flaw\nto crash the system. (CVE-2012-6657, Low)\n\n* It was found that the parse_rock_ridge_inode_internal() function of\nthe Linux kernel's ISOFS implementation did not correctly check\nrelocated directories when processing Rock Ridge child link (CL) tags.\nAn attacker with physical access to the system could use a specially\ncrafted ISO image to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting\nCVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of\nRed Hat.\n\nBug fixes :\n\n* This update fixes a race condition issue between the\nsock_queue_err_skb function and sk_forward_alloc handling in the\nsocket error queue (MSG_ERRQUEUE), which could occasionally cause the\nkernel, for example when using PTP, to incorrectly track allocated\nmemory for the error queue, in which case a traceback would occur in\nthe system log. (BZ#1155427)\n\n* The zcrypt device driver did not detect certain crypto cards and the\nrelated domains for crypto adapters on System z and s390x\narchitectures. 
Consequently, it was not possible to run the system on\nnew crypto hardware. This update enables toleration mode for such\ndevices so that the system can make use of newer crypto hardware.\n(BZ#1158311)\n\n* After mounting and unmounting an XFS file system several times\nconsecutively, the umount command occasionally became unresponsive.\nThis was caused by the xlog_cil_force_lsn() function that was not\nwaiting for completion as expected. With this update,\nxlog_cil_force_lsn() has been modified to correctly wait for\ncompletion, thus fixing this bug. (BZ#1158325)\n\n* When using the ixgbe adapter with disabled LRO and the tx-usec or\nrs-usec variables set to 0, transmit interrupts could not be set lower\nthan the default of 8 buffered tx frames. Consequently, a delay of TCP\ntransfer occurred. The restriction of a minimum of 8 buffered frames\nhas been removed, and the TCP delay no longer occurs. (BZ#1158326)\n\n* The offb driver has been updated for the QEMU standard VGA adapter,\nfixing an incorrect displaying of colors issue. (BZ#1158328)\n\n* Under certain circumstances, when a discovered MTU expired, the IPv6\nconnection became unavailable for a short period of time. This bug has\nbeen fixed, and the connection now works as expected. (BZ#1161418)\n\n* A low throughput occurred when using the dm-thin driver to write to\nunprovisioned or shared chunks for a thin pool with the chunk size\nbigger than the max_sectors_kb variable. (BZ#1161420)\n\n* Large write workloads on thin LVs could cause the iozone and\nsmallfile utilities to terminate unexpectedly. 
(BZ#1161421)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-6410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-5472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-5471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9322\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-6657\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-5471\", \"CVE-2014-5472\", \"CVE-2014-6410\", \"CVE-2014-9322\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2014:1997\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1997\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-504.3.3.el6\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
reference:\"kernel-firmware-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"python-perf-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:42:30", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.\n(CVE-2014-9322, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. 
A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\n* A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)\n\n* It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. (CVE-2012-6657, Low)\n\n* It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags.\nAn attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.\n\nBug fixes :\n\n* This update fixes a race condition issue between the sock_queue_err_skb function and sk_forward_alloc handling in the socket error queue (MSG_ERRQUEUE), which could occasionally cause the kernel, for example when using PTP, to incorrectly track allocated memory for the error queue, in which case a traceback would occur in the system log. (BZ#1155427)\n\n* The zcrypt device driver did not detect certain crypto cards and the related domains for crypto adapters on System z and s390x architectures. Consequently, it was not possible to run the system on new crypto hardware. 
This update enables toleration mode for such devices so that the system can make use of newer crypto hardware.\n(BZ#1158311)\n\n* After mounting and unmounting an XFS file system several times consecutively, the umount command occasionally became unresponsive.\nThis was caused by the xlog_cil_force_lsn() function that was not waiting for completion as expected. With this update, xlog_cil_force_lsn() has been modified to correctly wait for completion, thus fixing this bug. (BZ#1158325)\n\n* When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec variables set to 0, transmit interrupts could not be set lower than the default of 8 buffered tx frames. Consequently, a delay of TCP transfer occurred. The restriction of a minimum of 8 buffered frames has been removed, and the TCP delay no longer occurs. (BZ#1158326)\n\n* The offb driver has been updated for the QEMU standard VGA adapter, fixing an incorrect displaying of colors issue. (BZ#1158328)\n\n* Under certain circumstances, when a discovered MTU expired, the IPv6 connection became unavailable for a short period of time. This bug has been fixed, and the connection now works as expected. (BZ#1161418)\n\n* A low throughput occurred when using the dm-thin driver to write to unprovisioned or shared chunks for a thin pool with the chunk size bigger than the max_sectors_kb variable. (BZ#1161420)\n\n* Large write workloads on thin LVs could cause the iozone and smallfile utilities to terminate unexpectedly. 
(BZ#1161421)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-18T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2014:1997)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6657", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-9322"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2014-1997.NASL", "href": "https://www.tenable.com/plugins/nessus/80088", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1997 and \n# CentOS Errata and Security 
Advisory 2014:1997 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80088);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-6657\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-5471\", \"CVE-2014-5472\", \"CVE-2014-6410\", \"CVE-2014-9322\");\n script_bugtraq_id(69396, 69428, 69799, 69803, 70766, 70768, 70883, 71685);\n script_xref(name:\"RHSA\", value:\"2014:1997\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2014:1997)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel handled GS segment\nregister base switching when recovering from a #SS (stack segment)\nfault on an erroneous return to user space. A local, unprivileged user\ncould use this flaw to escalate their privileges on the system.\n(CVE-2014-9322, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled malformed or duplicate Address Configuration Change Chunks\n(ASCONF). A remote attacker could use either of these flaws to crash\nthe system. 
(CVE-2014-3673, CVE-2014-3687, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nhandled the association's output queue. A remote attacker could send\nspecially crafted packets that would cause the system to use an\nexcessive amount of memory, leading to a denial of service.\n(CVE-2014-3688, Important)\n\n* A stack overflow flaw caused by infinite recursion was found in the\nway the Linux kernel's UDF file system implementation processed\nindirect ICBs. An attacker with physical access to the system could\nuse a specially crafted UDF image to crash the system. (CVE-2014-6410,\nLow)\n\n* It was found that the Linux kernel's networking implementation did\nnot correctly handle the setting of the keepalive socket option on raw\nsockets. A local user able to create a raw socket could use this flaw\nto crash the system. (CVE-2012-6657, Low)\n\n* It was found that the parse_rock_ridge_inode_internal() function of\nthe Linux kernel's ISOFS implementation did not correctly check\nrelocated directories when processing Rock Ridge child link (CL) tags.\nAn attacker with physical access to the system could use a specially\ncrafted ISO image to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting\nCVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of\nRed Hat.\n\nBug fixes :\n\n* This update fixes a race condition issue between the\nsock_queue_err_skb function and sk_forward_alloc handling in the\nsocket error queue (MSG_ERRQUEUE), which could occasionally cause the\nkernel, for example when using PTP, to incorrectly track allocated\nmemory for the error queue, in which case a traceback would occur in\nthe system log. (BZ#1155427)\n\n* The zcrypt device driver did not detect certain crypto cards and the\nrelated domains for crypto adapters on System z and s390x\narchitectures. 
Consequently, it was not possible to run the system on\nnew crypto hardware. This update enables toleration mode for such\ndevices so that the system can make use of newer crypto hardware.\n(BZ#1158311)\n\n* After mounting and unmounting an XFS file system several times\nconsecutively, the umount command occasionally became unresponsive.\nThis was caused by the xlog_cil_force_lsn() function that was not\nwaiting for completion as expected. With this update,\nxlog_cil_force_lsn() has been modified to correctly wait for\ncompletion, thus fixing this bug. (BZ#1158325)\n\n* When using the ixgbe adapter with disabled LRO and the tx-usec or\nrs-usec variables set to 0, transmit interrupts could not be set lower\nthan the default of 8 buffered tx frames. Consequently, a delay of TCP\ntransfer occurred. The restriction of a minimum of 8 buffered frames\nhas been removed, and the TCP delay no longer occurs. (BZ#1158326)\n\n* The offb driver has been updated for the QEMU standard VGA adapter,\nfixing an incorrect displaying of colors issue. (BZ#1158328)\n\n* Under certain circumstances, when a discovered MTU expired, the IPv6\nconnection became unavailable for a short period of time. This bug has\nbeen fixed, and the connection now works as expected. (BZ#1161418)\n\n* A low throughput occurred when using the dm-thin driver to write to\nunprovisioned or shared chunks for a thin pool with the chunk size\nbigger than the max_sectors_kb variable. (BZ#1161420)\n\n* Large write workloads on thin LVs could cause the iozone and\nsmallfile utilities to terminate unexpectedly. 
(BZ#1161421)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-December/020838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd6a20a8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3673\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/01\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-504.3.3.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:41:48", "description": "- A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). 
A remote attacker could use either of these flaws to crash the system.\n (CVE-2014-3673, CVE-2014-3687, Important)\n\n - A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.\n (CVE-2014-3688, Important)\n\n - A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)\n\n - It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. (CVE-2012-6657, Low)\n\n - It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)\n\nBug fixes :\n\n - This update fixes a race condition issue between the sock_queue_err_skb function and sk_forward_alloc handling in the socket error queue (MSG_ERRQUEUE), which could occasionally cause the kernel, for example when using PTP, to incorrectly track allocated memory for the error queue, in which case a traceback would occur in the system log.\n\n - The zcrypt device driver did not detect certain crypto cards and the related domains for crypto adapters on System z and s390x architectures. 
Consequently, it was not possible to run the system on new crypto hardware.\n This update enables toleration mode for such devices so that the system can make use of newer crypto hardware.\n\n - After mounting and unmounting an XFS file system several times consecutively, the umount command occasionally became unresponsive. This was caused by the xlog_cil_force_lsn() function that was not waiting for completion as expected. With this update, xlog_cil_force_lsn() has been modified to correctly wait for completion, thus fixing this bug.\n\n - When using the ixgbe adapter with disabled LRO and the tx-usec or rs- usec variables set to 0, transmit interrupts could not be set lower than the default of 8 buffered tx frames. Consequently, a delay of TCP transfer occurred. The restriction of a minimum of 8 buffered frames has been removed, and the TCP delay no longer occurs.\n\n - The offb driver has been updated for the QEMU standard VGA adapter, fixing an incorrect displaying of colors issue.\n\n - Under certain circumstances, when a discovered MTU expired, the IPv6 connection became unavailable for a short period of time. 
This bug has been fixed, and the connection now works as expected.\n\n - A low throughput occurred when using the dm-thin driver to write to unprovisioned or shared chunks for a thin pool with the chunk size bigger than the max_sectors_kb variable.\n\n - Large write workloads on thin LVs could cause the iozone and smallfile utilities to terminate unexpectedly.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141216)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6657", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-9322"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", 
"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141216_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/80099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80099);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6657\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-5471\", \"CVE-2014-5472\", \"CVE-2014-6410\", \"CVE-2014-9322\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141216)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\" - A flaw was found in the way the Linux kernel's SCTP\n implementation handled malformed or duplicate Address\n Configuration Change Chunks (ASCONF). A remote attacker\n could use either of these flaws to crash the system.\n (CVE-2014-3673, CVE-2014-3687, Important)\n\n - A flaw was found in the way the Linux kernel's SCTP\n implementation handled the association's output queue. 
A\n remote attacker could send specially crafted packets\n that would cause the system to use an excessive amount\n of memory, leading to a denial of service.\n (CVE-2014-3688, Important)\n\n - A stack overflow flaw caused by infinite recursion was\n found in the way the Linux kernel's UDF file system\n implementation processed indirect ICBs. An attacker with\n physical access to the system could use a specially\n crafted UDF image to crash the system. (CVE-2014-6410,\n Low)\n\n - It was found that the Linux kernel's networking\n implementation did not correctly handle the setting of\n the keepalive socket option on raw sockets. A local user\n able to create a raw socket could use this flaw to crash\n the system. (CVE-2012-6657, Low)\n\n - It was found that the parse_rock_ridge_inode_internal()\n function of the Linux kernel's ISOFS implementation did\n not correctly check relocated directories when\n processing Rock Ridge child link (CL) tags. An attacker\n with physical access to the system could use a specially\n crafted ISO image to crash the system or, potentially,\n escalate their privileges on the system. (CVE-2014-5471,\n CVE-2014-5472, Low)\n\nBug fixes :\n\n - This update fixes a race condition issue between the\n sock_queue_err_skb function and sk_forward_alloc\n handling in the socket error queue (MSG_ERRQUEUE), which\n could occasionally cause the kernel, for example when\n using PTP, to incorrectly track allocated memory for the\n error queue, in which case a traceback would occur in\n the system log.\n\n - The zcrypt device driver did not detect certain crypto\n cards and the related domains for crypto adapters on\n System z and s390x architectures. 
Consequently, it was\n not possible to run the system on new crypto hardware.\n This update enables toleration mode for such devices so\n that the system can make use of newer crypto hardware.\n\n - After mounting and unmounting an XFS file system several\n times consecutively, the umount command occasionally\n became unresponsive. This was caused by the\n xlog_cil_force_lsn() function that was not waiting for\n completion as expected. With this update,\n xlog_cil_force_lsn() has been modified to correctly wait\n for completion, thus fixing this bug.\n\n - When using the ixgbe adapter with disabled LRO and the\n tx-usec or rs- usec variables set to 0, transmit\n interrupts could not be set lower than the default of 8\n buffered tx frames. Consequently, a delay of TCP\n transfer occurred. The restriction of a minimum of 8\n buffered frames has been removed, and the TCP delay no\n longer occurs.\n\n - The offb driver has been updated for the QEMU standard\n VGA adapter, fixing an incorrect displaying of colors\n issue.\n\n - Under certain circumstances, when a discovered MTU\n expired, the IPv6 connection became unavailable for a\n short period of time. 
This bug has been fixed, and the\n connection now works as expected.\n\n - A low throughput occurred when using the dm-thin driver\n to write to unprovisioned or shared chunks for a thin\n pool with the chunk size bigger than the max_sectors_kb\n variable.\n\n - Large write workloads on thin LVs could cause the iozone\n and smallfile utilities to terminate unexpectedly.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1412&L=scientific-linux-errata&T=0&P=2965\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?950ff48d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", 
reference:\"kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-504.3.3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-504.3.3.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:42:30", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1997 advisory.\n\n - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. (CVE-2014-3687)\n\n - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. 
(CVE-2014-3673)\n\n - The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. (CVE-2014-3688)\n\n - The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. (CVE-2014-6410)\n\n - The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. (CVE-2012-6657)\n\n - Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (CVE-2014-5471)\n\n - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (CVE-2014-5472)\n\n - arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. 
(CVE-2014-9322)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-12-17T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2014-1997)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6657", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-9322"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2014-1997.NASL", "href": "https://www.tenable.com/plugins/nessus/80070", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from Oracle Linux Security Advisory ELSA-2014-1997.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80070);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2012-6657\",\n \"CVE-2014-3673\",\n \"CVE-2014-3687\",\n \"CVE-2014-3688\",\n \"CVE-2014-5471\",\n \"CVE-2014-5472\",\n \"CVE-2014-6410\",\n \"CVE-2014-9322\"\n );\n script_bugtraq_id(\n 69396,\n 69428,\n 69799,\n 69803,\n 70743,\n 70745,\n 70746,\n 70766,\n 70768,\n 70883,\n 71685\n );\n script_xref(name:\"RHSA\", value:\"2014:1997\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2014-1997)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2014-1997 advisory.\n\n - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux\n kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF\n chunks that trigger an incorrect uncork within the side-effect interpreter. (CVE-2014-3687)\n\n - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of\n service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c. (CVE-2014-3673)\n\n - The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of\n service (memory consumption) by triggering a large number of chunks in an association's output queue, as\n demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. 
(CVE-2014-3688)\n\n - The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the\n amount of ICB indirection, which allows physically proximate attackers to cause a denial of service\n (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. (CVE-2014-6410)\n\n - The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a\n keepalive action is associated with a stream socket, which allows local users to cause a denial of service\n (system crash) by leveraging the ability to create a raw socket. (CVE-2012-6657)\n\n - Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the\n Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and\n system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that\n has a CL entry. (CVE-2014-5471)\n\n - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows\n local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a\n self-referential CL entry. (CVE-2014-5472)\n\n - arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated\n with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an\n IRET instruction that leads to access to a GS Base address from the wrong space. 
(CVE-2014-9322)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2014-1997.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9322\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-504.3.3.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-1997');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-504.3.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-504.3.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-504.3.3.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-504.3.3.el6', 'cpu':'i686', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-504.3.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-504.3.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-504.3.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-504.3.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-504.3.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-504.3.3.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-504.3.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-504.3.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-504.3.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-504.3.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-504.3.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-504.3.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference 
= package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:40:05", "description": "The 3.14.23 stable update contains a number of important fixes across the tree. Various security fixes for KVM and SCTP\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-11-17T00:00:00", "type": "nessus", "title": "Fedora 19 : kernel-3.14.23-100.fc19 (2014-14068)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-8369"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-14068.NASL", "href": "https://www.tenable.com/plugins/nessus/79258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14068.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79258);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3610\", 
\"CVE-2014-3611\", \"CVE-2014-3646\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-3690\", \"CVE-2014-8369\");\n script_xref(name:\"FEDORA\", value:\"2014-14068\");\n\n script_name(english:\"Fedora 19 : kernel-3.14.23-100.fc19 (2014-14068)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.14.23 stable update contains a number of important fixes across\nthe tree. Various security fixes for KVM and SCTP\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1144825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1144878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1144883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1147850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1155731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1155745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1156518\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144040.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?a91eaf31\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kernel-3.14.23-100.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:43:08", "description": "The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix security issues on kernels on the x86_64 architecture.\n\nThe following security bugs have been fixed :\n\n - CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404).\n\n - CVE-2014-8160: SCTP firewalling failed until the SCTP module was loaded (bnc#913059).\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654).\n\n - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at 
the end of a PMD (bnc#912705).\n\n - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#911325).\n\n - CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051).\n\n - CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allowed L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842 (bnc#907822).\n\n - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312).\n\n - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349).\n\n - 
CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).\n\n - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100).\n\n - CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700).\n\n - CVE-2013-7263: The Linux kernel before 3.12.4 updated certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643).\n\n - CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779).\n\n - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391).\n\n - 
CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0652-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5313", "CVE-2012-6657", "CVE-2013-4299", "CVE-2013-7263", "CVE-2014-0181", "CVE-2014-3184", "CVE-2014-3185", 
"CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-7841", "CVE-2014-7842", "CVE-2014-8160", "CVE-2014-8709", "CVE-2014-9420", "CVE-2014-9584", "CVE-2014-9585"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:xen-kmp-trace", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-0652-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0652-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83708);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-5313\", \"CVE-2012-6657\", \"CVE-2013-4299\", \"CVE-2013-7263\", \"CVE-2014-0181\", \"CVE-2014-3184\", \"CVE-2014-3185\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7841\", 
\"CVE-2014-7842\", \"CVE-2014-8160\", \"CVE-2014-8709\", \"CVE-2014-9420\", \"CVE-2014-9584\", \"CVE-2014-9585\");\n script_bugtraq_id(63183, 64686, 67034, 69768, 69781, 69803, 70766, 70768, 70883, 70965, 71078, 71081, 71363, 71717, 71883, 71990, 72061);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0652-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to\nfix security issues on kernels on the x86_64 architecture.\n\nThe following security bugs have been fixed :\n\n - CVE-2013-4299: Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel\n through 3.11.6 allowed remote authenticated users to\n obtain sensitive information or modify data via a\n crafted mapping to a snapshot block device (bnc#846404).\n\n - CVE-2014-8160: SCTP firewalling failed until the SCTP\n module was loaded (bnc#913059).\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal\n function in fs/isofs/rock.c in the Linux kernel before\n 3.18.2 did not validate a length value in the Extensions\n Reference (ER) System Use Field, which allowed local\n users to obtain sensitive information from kernel memory\n via a crafted iso9660 image (bnc#912654).\n\n - CVE-2014-9585: The vdso_addr function in\n arch/x86/vdso/vma.c in the Linux kernel through 3.18.2\n did not properly choose memory locations for the vDSO\n area, which made it easier for local users to bypass the\n ASLR protection mechanism by guessing a location at the\n end of a PMD (bnc#912705).\n\n - CVE-2014-9420: The rock_continue function in\n fs/isofs/rock.c in the Linux kernel through 3.18.1 did\n not restrict the number of Rock Ridge continuation\n entries, which allowed local users to 
cause a denial of\n service (infinite loop, and system crash or hang) via a\n crafted iso9660 image (bnc#911325).\n\n - CVE-2014-0181: The Netlink implementation in the Linux\n kernel through 3.14.1 did not provide a mechanism for\n authorizing socket operations based on the opener of a\n socket, which allowed local users to bypass intended\n access restrictions and modify network configurations by\n using a Netlink socket for the (1) stdout or (2) stderr\n of a setuid program (bnc#875051).\n\n - CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in\n the Linux kernel before 2.6.38 allowed L2 guest OS users\n to cause a denial of service (L1 guest OS crash) via a\n crafted instruction that triggers an L2 emulation\n failure report, a similar issue to CVE-2014-7842\n (bnc#907822).\n\n - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in\n the Linux kernel before 3.17.4 allowed guest OS users to\n cause a denial of service (guest OS crash) via a crafted\n application that performs an MMIO transaction or a PIO\n transaction to trigger a guest userspace emulation error\n report, a similar issue to CVE-2010-5313 (bnc#905312).\n\n - CVE-2014-3688: The SCTP implementation in the Linux\n kernel before 3.17.4 allowed remote attackers to cause a\n denial of service (memory consumption) by triggering a\n large number of chunks in an associations output queue,\n as demonstrated by ASCONF probes, related to\n net/sctp/inqueue.c and net/sctp/sm_statefuns.c\n (bnc#902351).\n\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function\n in net/sctp/associola.c in the SCTP implementation in\n the Linux kernel through 3.17.2 allowed remote attackers\n to cause a denial of service (panic) via duplicate\n ASCONF chunks that trigger an incorrect uncork within\n the side-effect interpreter (bnc#902349).\n\n - CVE-2014-3673: The SCTP implementation in the Linux\n kernel through 3.17.2 allowed remote attackers to cause\n a denial of service (system crash) via a malformed\n ASCONF 
chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c (bnc#902346).\n\n - CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in\n the Linux kernel before 3.17.4, when ASCONF is used,\n allowed remote attackers to cause a denial of service\n (NULL pointer dereference and system crash) via a\n malformed INIT chunk (bnc#905100).\n\n - CVE-2014-8709: The ieee80211_fragment function in\n net/mac80211/tx.c in the Linux kernel before 3.13.5 did\n not properly maintain a certain tail pointer, which\n allowed remote attackers to obtain sensitive cleartext\n information by reading packets (bnc#904700).\n\n - CVE-2013-7263: The Linux kernel before 3.12.4 updated\n certain length values before ensuring that associated\n data structures have been initialized, which allowed\n local users to obtain sensitive information from kernel\n stack memory via a (1) recvfrom, (2) recvmmsg, or (3)\n recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and\n net/ipv6/udp.c (bnc#857643).\n\n - CVE-2012-6657: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel before 3.5.7 did not\n ensure that a keepalive action is associated with a\n stream socket, which allowed local users to cause a\n denial of service (system crash) by leveraging the\n ability to create a raw socket (bnc#896779).\n\n - CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB\n Serial Driver in the Linux kernel before 3.16.2 allowed\n physically proximate attackers to execute arbitrary code\n or cause a denial of service (memory corruption and\n system crash) via a crafted device that provides a large\n amount of (1) EHCI or (2) XHCI data associated with a\n bulk response (bnc#896391).\n\n - CVE-2014-3184: The report_fixup functions in the HID\n subsystem in the Linux kernel before 3.16.2 might allow\n 
physically proximate attackers to cause a denial of\n service (out-of-bounds write) via a crafted device that\n provides a small report descriptor, related to (1)\n drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\n drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c,\n (5) drivers/hid/hid-petalynx.c, and (6)\n drivers/hid/hid-sunplus.c (bnc#896390).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=771619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=833820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=846404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=857643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=875051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=885077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=891211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=892235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=896390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=896391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=896779\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915826\"\n );\n # https://download.suse.com/patch/finder/?keywords=01007b3b761286f24a9cd5a7197794e2\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?859a6bb5\"\n );\n # https://download.suse.com/patch/finder/?keywords=8944e139fcc8a84a52412d23cce7f98a\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8b31cc6\"\n );\n # https://download.suse.com/patch/finder/?keywords=a5e2892de750f2c5d2fba65db2f8b808\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c8f1473\"\n );\n # https://download.suse.com/patch/finder/?keywords=afe31f60701fa39738b0574722eb95ef\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d3e3539\"\n );\n # https://download.suse.com/patch/finder/?keywords=cfbfe04e5c8b61b50f91d849de2217e9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?958976ab\"\n );\n # https://download.suse.com/patch/finder/?keywords=ef5762f62e2e26eab3ef31d6b58ad159\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5151205f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2010-5313/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7263/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0181/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-3687/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7841/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7842/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8160/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8709/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9585/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150652-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25324753\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-kernel=10315 slessp1-kernel=10316\nslessp1-kernel=10317\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-0.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-0.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-base-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-base-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-devel-2.6.32.59-0.19.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-source-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-syms-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-base-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-devel-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-base-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-devel-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.19-0.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.19-0.9.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.59-0.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.9.17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-07T14:30:50", "description": "Small bugfix update. A few AArch64 fixes and a patch to quiet a common i915 warning.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Fedora 21 : kernel-3.17.4-302.fc21 (2014-16448)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9090"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-16448.NASL", "href": "https://www.tenable.com/plugins/nessus/79947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16448.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79947);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n 
script_cve_id(\"CVE-2014-9090\");\n script_bugtraq_id(71250);\n script_xref(name:\"FEDORA\", value:\"2014-16448\");\n\n script_name(english:\"Fedora 21 : kernel-3.17.4-302.fc21 (2014-16448)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Small bugfix update. A few AArch64 fixes and a patch to quiet a common\ni915 warning.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1170691\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145786.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f15e22f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"kernel-3.17.4-302.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-07T14:30:30", "description": "The 3.17.6 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Fedora 20 : kernel-3.17.6-200.fc20 (2014-16632)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9090"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-16632.NASL", "href": "https://www.tenable.com/plugins/nessus/79953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16632.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79953);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9090\");\n script_xref(name:\"FEDORA\", value:\"2014-16632\");\n\n script_name(english:\"Fedora 20 : kernel-3.17.6-200.fc20 (2014-16632)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.17.6 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription 
block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1170691\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a728f0c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"kernel-3.17.6-200.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:37:46", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-3004 advisory.\n\n - The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. 
(CVE-2014-7841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-01-30T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3004)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2015-3004.NASL", "href": "https://www.tenable.com/plugins/nessus/81101", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3004.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81101);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2014-7841\");\n script_bugtraq_id(71081);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a 
security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2015-3004 advisory.\n\n - The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel\n before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2015-3004.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7841\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.246.2.el5uek', '2.6.39-400.246.2.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2015-3004');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.246.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.246.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.246.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.246.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.246.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.246.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.246.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.246.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.246.2.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.246.2.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.246.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.246.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.246.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.246.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.246.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.246.2.el6uek', 
'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.246.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.246.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.246.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.246.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, 
rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T14:37:44", "description": "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.\n(CVE-2014-7841)", "cvss3": {}, "published": "2015-01-22T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel SCTP vulnerability (K16016)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", 
"cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16016.NASL", "href": "https://www.tenable.com/plugins/nessus/80891", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16016.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80891);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2014-7841\");\n script_bugtraq_id(71081);\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel SCTP vulnerability (K16016)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The sctp_process_param function in net/sctp/sm_make_chunk.c in the\nSCTP implementation in the Linux kernel before 3.17.4, when ASCONF is\nused, allows remote attackers to cause a denial of service (NULL\npointer dereference and system crash) via a malformed INIT chunk.\n(CVE-2014-7841)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16016\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16016.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16016\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = 
make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.1.0-11.6.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.1.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.1.0-11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.1.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.1.0-11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.1.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T14:39:00", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-3005 advisory.\n\n - The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL 
pointer dereference and system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-01-30T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3005)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.14.el5uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.14.el5uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.14.el6uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.14.el6uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.14.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.14.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.14.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.14.el6uekdebug"], "id": "ORACLELINUX_ELSA-2015-3005.NASL", "href": "https://www.tenable.com/plugins/nessus/81102", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux 
Security Advisory ELSA-2015-3005.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81102);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2014-7841\");\n script_bugtraq_id(71081);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2015-3005 advisory.\n\n - The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel\n before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a malformed INIT chunk. 
(CVE-2014-7841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2015-3005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7841\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.14.el5uek\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.14.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.14.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.14.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.14.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.14.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.14.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.14.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-400.36.14.el5uek', '2.6.32-400.36.14.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2015-3005');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-400.36.14.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-400.36.14.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.14.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.14.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.14.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.14.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.14.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.14.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-400.36.14.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-400.36.14.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'mlnx_en-2.6.32-400.36.14.el5uek-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.14.el5uek-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.14.el5uekdebug-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.14.el5uekdebug-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.14.el5uek-1.5.1-4.0.58', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.14.el5uek-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.14.el5uekdebug-1.5.1-4.0.58', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'ofa-2.6.32-400.36.14.el5uekdebug-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-400.36.14.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-400.36.14.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.14.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-400.36.14.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.14.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-400.36.14.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.14.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-400.36.14.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-400.36.14.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-400.36.14.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'mlnx_en-2.6.32-400.36.14.el6uek-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.14.el6uek-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.14.el6uekdebug-1.5.7-0.1', 'cpu':'i686', 'release':'6', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-400.36.14.el6uekdebug-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.14.el6uek-1.5.1-4.0.58', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.14.el6uek-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.14.el6uekdebug-1.5.1-4.0.58', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-400.36.14.el6uekdebug-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, 
cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T14:40:13", "description": "Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important)\n\nThis issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes the following bugs :\n\n* Due to several bugs in the network console logging, a race condition between the network console send operation and the driver's IRQ handler could occur, or the network console could access invalid memory content. As a consequence, the respective driver, such as vmxnet3, triggered a BUG_ON() assertion and the system terminated unexpectedly. 
A patch addressing these bugs has been applied so that driver's IRQs are disabled before processing the send operation and the network console now accesses the RCU-protected (read-copy update) data properly. Systems using the network console logging no longer crashes due to the aforementioned conditions. (BZ#1165983)\n\n* A bug in the vmxnet3 driver allowed potential race conditions to be triggered when the driver was used with the netconsole module. The race conditions allowed the driver's internal New API (NAPI) poll routine to run concurrently with the netpoll controller routine, which resulted in data corruption and a subsequent kernel panic. To fix this problem, the vmxnet3 driver has been modified to call the appropriate interrupt handler to schedule NAPI poll requests properly.\n(BZ#1179594)\n\n* Prior to this update, nfs_mark_return_delegation() was called without any locking, resulting in unsafe dereferencing of delegation->inode. Because the inode is only used to discover the nfs_client, the callers now pass a valid pointer to the nfs_server as a parameter. (BZ#1187637)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2015-03-05T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2015:0285)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7841"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.4"], "id": "REDHAT-RHSA-2015-0285.NASL", "href": "https://www.tenable.com/plugins/nessus/81625", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0285. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81625);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-7841\");\n script_xref(name:\"RHSA\", value:\"2015:0285\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2015:0285)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix one security issue and three bugs are\nnow available for Red Hat Enterprise Linux 6.4 Extended Update\nSupport.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nvalidated INIT chunks when performing Address Configuration Change\n(ASCONF). A remote attacker could use this flaw to crash the system by\nsending a specially crafted SCTP packet to trigger a NULL pointer\ndereference on the system. (CVE-2014-7841, Important)\n\nThis issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes the following bugs :\n\n* Due to several bugs in the network console logging, a race condition\nbetween the network console send operation and the driver's IRQ\nhandler could occur, or the network console could access invalid\nmemory content. 
As a consequence, the respective driver, such as\nvmxnet3, triggered a BUG_ON() assertion and the system terminated\nunexpectedly. A patch addressing these bugs has been applied so that\ndriver's IRQs are disabled before processing the send operation and\nthe network console now accesses the RCU-protected (read-copy update)\ndata properly. Systems using the network console logging no longer\ncrashes due to the aforementioned conditions. (BZ#1165983)\n\n* A bug in the vmxnet3 driver allowed potential race conditions to be\ntriggered when the driver was used with the netconsole module. The\nrace conditions allowed the driver's internal New API (NAPI) poll\nroutine to run concurrently with the netpoll controller routine, which\nresulted in data corruption and a subsequent kernel panic. To fix this\nproblem, the vmxnet3 driver has been modified to call the appropriate\ninterrupt handler to schedule NAPI poll requests properly.\n(BZ#1179594)\n\n* Prior to this update, nfs_mark_return_delegation() was called\nwithout any locking, resulting in unsafe dereferencing of\ndelegation->inode. Because the inode is only used to discover the\nnfs_client, the callers now pass a valid pointer to the nfs_server as\na parameter. (BZ#1187637)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7841\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:0285\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0285\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security 
advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", 
reference:\"kernel-debuginfo-common-i686-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"kernel-doc-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"kernel-firmware-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"perf-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"perf-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", 
cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"python-perf-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-358.56.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T16:40:38", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service :\n\n - CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host.\n\n - CVE-2014-3611 Lars Bull of Google reported a race condition in the PIT emulation code in KVM. 
A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host.\n\n - CVE-2014-3645/ CVE-2014-3646 The Advanced Threat Research team at Intel Security discovered that the KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest.\n\n - CVE-2014-3647 Nadav Amit reported that KVM mishandles noncanonical addresses when emulating instructions that change rip, potentially causing a failed VM-entry. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest.\n\n - CVE-2014-3673 Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to a kernel panic when receiving malformed ASCONF chunks. A remote attacker could use this flaw to crash the system.\n\n - CVE-2014-3687 A flaw in the sctp stack was discovered leading to a kernel panic when receiving duplicate ASCONF chunks. A remote attacker could use this flaw to crash the system.\n\n - CVE-2014-3688 It was found that the sctp stack is prone to a remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system.\n\n - CVE-2014-3690 Andy Lutomirski discovered that incorrect register handling in KVM may lead to denial of service.\n\n - CVE-2014-7207 Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash).\n\nThis update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. 
This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device. In order to migrate such a VM, it must be shut down first.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-11-03T00:00:00", "type": "nessus", "title": "Debian DSA-3060-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-7207"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3060.NASL", "href": "https://www.tenable.com/plugins/nessus/78784", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3060. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78784);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3610\", \"CVE-2014-3611\", \"CVE-2014-3645\", \"CVE-2014-3646\", \"CVE-2014-3647\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-3690\", \"CVE-2014-7207\");\n script_bugtraq_id(70691, 70742, 70743, 70745, 70746, 70748, 70766, 70768, 70867);\n script_xref(name:\"DSA\", value:\"3060\");\n\n script_name(english:\"Debian DSA-3060-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service :\n\n - CVE-2014-3610\n Lars Bull of Google and Nadav Amit reported a flaw in\n how KVM handles noncanonical writes to certain MSR\n registers. A privileged guest user can exploit this flaw\n to cause a denial of service (kernel panic) on the host.\n\n - CVE-2014-3611\n Lars Bull of Google reported a race condition in the PIT\n emulation code in KVM. A local guest user with access to\n PIT i/o ports could exploit this flaw to cause a denial\n of service (crash) on the host.\n\n - CVE-2014-3645/ CVE-2014-3646\n The Advanced Threat Research team at Intel Security\n discovered that the KVM subsystem did not handle the VM\n exits gracefully for the invept (Invalidate Translations\n Derived from EPT) and invvpid (Invalidate Translations\n Based on VPID) instructions. 
On hosts with an Intel\n processor and invept/invvpid VM exit support, an\n unprivileged guest user could use these instructions to\n crash the guest.\n\n - CVE-2014-3647\n Nadav Amit reported that KVM mishandles noncanonical\n addresses when emulating instructions that change rip,\n potentially causing a failed VM-entry. A guest user with\n access to I/O or the MMIO can use this flaw to cause a\n denial of service (system crash) of the guest.\n\n - CVE-2014-3673\n Liu Wei of Red Hat discovered a flaw in\n net/core/skbuff.c leading to a kernel panic when\n receiving malformed ASCONF chunks. A remote attacker\n could use this flaw to crash the system.\n\n - CVE-2014-3687\n A flaw in the sctp stack was discovered leading to a\n kernel panic when receiving duplicate ASCONF chunks. A\n remote attacker could use this flaw to crash the system.\n\n - CVE-2014-3688\n It was found that the sctp stack is prone to a remotely\n triggerable memory pressure issue caused by excessive\n queueing. A remote attacker could use this flaw to cause\n denial-of-service conditions on the system.\n\n - CVE-2014-3690\n Andy Lutomirski discovered that incorrect register\n handling in KVM may lead to denial of service.\n\n - CVE-2014-7207\n Several Debian developers reported an issue in the IPv6\n networking subsystem. A local user with access to tun or\n macvtap devices, or a virtual machine connected to such\n a device, can cause a denial of service (system crash).\n\nThis update includes a bug fix related to CVE-2014-7207 that disables\nUFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net\ndrivers. This will cause migration of a running VM from a host running\nan earlier kernel version to a host running this kernel version to\nfail, if the VM has been assigned a virtio network device. 
In order to\nmigrate such a VM, it must be shut down first.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-7207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-7207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3060\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.63-2+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.63-2+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:40:36", "description": "Linux v3.17.2. A wide variety of fixes across the tree. 
Even more KVM CVE fixes CVE fixes for KVM and SCTP.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-11-03T00:00:00", "type": "nessus", "title": "Fedora 21 : kernel-3.17.2-300.fc21 (2014-14126)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-8369", "CVE-2014-8480", "CVE-2014-8481"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-14126.NASL", "href": "https://www.tenable.com/plugins/nessus/78814", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
2014-14126.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78814);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3610\", \"CVE-2014-3611\", \"CVE-2014-3646\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-3690\", \"CVE-2014-8369\", \"CVE-2014-8480\", \"CVE-2014-8481\");\n script_bugtraq_id(70691, 70710, 70712, 70742, 70743, 70745, 70749, 70766, 70768);\n script_xref(name:\"FEDORA\", value:\"2014-14126\");\n\n script_name(english:\"Fedora 21 : kernel-3.17.2-300.fc21 (2014-14126)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Linux v3.17.2. A wide variety of fixes across the tree. Even more KVM\nCVE fixes CVE fixes for KVM and SCTP.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1144825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1144878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1144883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1147850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1155731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1155745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1156518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1156615\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142663.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f9fb363\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"kernel-3.17.2-300.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-04T15:10:18", "description": "The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. 
(CVE-2014-3688)", "cvss3": {}, "published": "2016-07-25T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel SCTP vulnerability (K16025)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3688"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16025.NASL", "href": "https://www.tenable.com/plugins/nessus/92528", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16025.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92528);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2014-3688\");\n script_bugtraq_id(70768);\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel SCTP vulnerability (K16025)\");\n script_summary(english:\"Checks 
the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SCTP implementation in the Linux kernel before 3.17.4 allows\nremote attackers to cause a denial of service (memory consumption) by\ntriggering a large number of chunks in an association's output queue,\nas demonstrated by ASCONF probes, related to net/sctp/inqueue.c and\nnet/sctp/sm_statefuns.c. (CVE-2014-3688)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16025\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16025.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16025\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4HF2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4HF2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4HF2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4HF2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4HF2\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4HF2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4HF2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4HF2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4HF2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-02T15:31:11", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2014-3688: The SCTP implementation allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue (bsc#902351).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-07-27T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2062-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3688"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-2062-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111367", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2062-1.\n# The text 
itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111367);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3688\");\n script_bugtraq_id(70768);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2062-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. The following security bugs were fixed :\n\n - CVE-2014-3688: The SCTP implementation allowed remote\n attackers to cause a denial of service (memory\n consumption) by triggering a large number of chunks in\n an association's output queue (bsc#902351).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=780242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=784815\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=786036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=790588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=795301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3688/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182062-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86c3b355\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-source-13702=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-source-13702=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-source-13702=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-source-13702=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-108.60.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-108.60.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-108.60.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T14:44:03", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive various security and bugfixes.\n\nSecurity issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code.\n\n - CVE-2014-9090: Various issues in LDT handling in 32bit compatibility mode on the x86_64 platform were fixed, where local 
attackers could crash the machine.\n\n - CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace.\n\n - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.\n\n - CVE-2014-3647: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandled noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO could use this flaw to cause a denial of service (system crash) of the guest.\n\n - CVE-2014-3611: A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.\n\n - CVE-2014-3610: If the guest writes a noncanonical value to certain MSR registers, KVM will write that value to the MSR in the host context and a #GP will be raised leading to kernel panic. 
A privileged guest user could have used this flaw to crash the host.\n\n - CVE-2014-7841: A remote attacker could have used a flaw in SCTP to crash the system by sending a maliciously prepared SCTP packet in order to trigger a NULL pointer dereference on the server.\n\n - CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.\n\n - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.\n\nBugs fixed: BTRFS :\n\n - btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent items (bnc#904077).\n\n - btrfs: fix invalid leaf slot access in btrfs_lookup_extent() (bnc#904077).\n\n - btrfs: avoid returning -ENOMEM in convert_extent_bit() too early (bnc#902016).\n\n - btrfs: make find_first_extent_bit be able to cache any state (bnc#902016).\n\n - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#902016).\n\n - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#899551).\n\n - btrfs: add missing end_page_writeback on submit_extent_page failure (bnc#899551).\n\n - btrfs: fix crash of btrfs_release_extent_buffer_page (bnc#899551).\n\n - btrfs: ensure readers see new data after a clone operation (bnc#898234).\n\n - btrfs: avoid visiting all extent items when cloning a range (bnc#898234).\n\n - btrfs: fix clone to deal with holes when NO_HOLES feature is enabled (bnc#898234).\n\n - btrfs: make fsync work after cloning into a file (bnc#898234).\n\n - btrfs: fix use-after-free when cloning a trailing file 
hole (bnc#898234).\n\n - btrfs: clone, don't create invalid hole extent map (bnc#898234).\n\n - btrfs: limit the path size in send to PATH_MAX (bnc#897770).\n\n - btrfs: send, fix more issues related to directory renames (bnc#897770).\n\n - btrfs: send, remove dead code from\n __get_cur_name_and_parent (bnc#897770).\n\n - btrfs: send, account for orphan directories when building path strings (bnc#897770).\n\n - btrfs: send, avoid unnecessary inode item lookup in the btree (bnc#897770).\n\n - btrfs: send, fix incorrect ref access when using extrefs (bnc#897770).\n\n - btrfs: send, build path string only once in send_hole (bnc#897770).\n\n - btrfs: part 2, fix incremental send's decision to delay a dir move/rename (bnc#897770).\n\n - btrfs: fix incremental send's decision to delay a dir move/rename (bnc#897770).\n\n - btrfs: remove unnecessary inode generation lookup in send (bnc#897770).\n\n - btrfs: avoid unnecessary utimes update in incremental send (bnc#897770).\n\n - btrfs: fix send issuing outdated paths for utimes, chown and chmod (bnc#897770).\n\n - btrfs: fix send attempting to rmdir non-empty directories (bnc#897770).\n\n - btrfs: send, don't send rmdir for same target multiple times (bnc#897770).\n\n - btrfs: incremental send, fix invalid path after dir rename (bnc#897770).\n\n - btrfs: fix assert screwup for the pending move stuff (bnc#897770).\n\n - btrfs: make some tree searches in send.c more efficient (bnc#897770).\n\n - btrfs: use right extent item position in send when finding extent clones (bnc#897770).\n\n - btrfs: more send support for parent/child dir relationship inversion (bnc#897770).\n\n - btrfs: fix send dealing with file renames and directory moves (bnc#897770).\n\n - btrfs: add missing error check in incremental send (bnc#897770).\n\n - btrfs: make send's file extent item search more efficient (bnc#897770).\n\n - btrfs: fix infinite path build loops in incremental send (bnc#897770).\n\n - btrfs: send, don't delay dir move if there's a new 
parent inode (bnc#897770).\n\n - btrfs: add helper btrfs_fdatawrite_range (bnc#902010).\n\n - btrfs: correctly flush compressed data before/after direct IO (bnc#902010).\n\n - btrfs: make inode.c:compress_file_range() return void (bnc#902010).\n\n - btrfs: report error after failure inlining extent in compressed write path (bnc#902010).\n\n - btrfs: don't ignore compressed bio write errors (bnc#902010).\n\n - btrfs: make inode.c:submit_compressed_extents() return void (bnc#902010).\n\n - btrfs: process all async extents on compressed write failure (bnc#902010).\n\n - btrfs: don't leak pages and memory on compressed write error (bnc#902010).\n\n - btrfs: fix hang on compressed write error (bnc#902010).\n\n - btrfs: set page and mapping error on compressed write failure (bnc#902010).\n\n - btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup (bnc#904115).\n\nHyper-V :\n\n - hyperv: Fix a bug in netvsc_send().\n\n - hyperv: Fix a bug in netvsc_start_xmit().\n\n - drivers: hv: vmbus: Enable interrupt driven flow control.\n\n - drivers: hv: vmbus: Properly protect calls to smp_processor_id().\n\n - drivers: hv: vmbus: Cleanup hv_post_message().\n\n - drivers: hv: vmbus: Cleanup vmbus_close_internal().\n\n - drivers: hv: vmbus: Fix a bug in vmbus_open().\n\n - drivers: hv: vmbus: Cleanup vmbus_establish_gpadl().\n\n - drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl().\n\n - drivers: hv: vmbus: Cleanup vmbus_post_msg().\n\n - storvsc: get rid of overly verbose warning messages.\n\n - hyperv: NULL dereference on error.\n\n - hyperv: Increase the buffer length for netvsc_channel_cb().\n\nzSeries / S390 :\n\n - s390: pass march flag to assembly files as well (bnc#903279, LTC#118177).\n\n - kernel: reduce function tracer overhead (bnc#903279, LTC#118177).\n\n - SUNRPC: Handle EPIPE in xprt_connect_status (bnc#901090).\n\n - SUNRPC: Ensure that we handle ENOBUFS errors correctly (bnc#901090).\n\n - SUNRPC: Ensure call_connect_status() deals correctly with 
SOFTCONN tasks (bnc#901090).\n\n - SUNRPC: Ensure that call_connect times out correctly (bnc#901090).\n\n - SUNRPC: Handle connect errors ECONNABORTED and EHOSTUNREACH (bnc#901090).\n\n - SUNRPC: Ensure xprt_connect_status handles all potential connection errors (bnc#901090).\n\n - SUNRPC: call_connect_status should recheck bind and connect status on error (bnc#901090).\n\nkGraft :\n\n - kgr: force patching process to succeed (fate#313296).\n\n - kgr: usb-storage, mark kthread safe (fate#313296 bnc#899908).\n\n - Refresh patches.suse/kgr-0039-kgr-fix-ugly-race.patch.\n Fix few bugs, and also races (immutable vs mark_processes vs other threads).\n\n - kgr: always use locked bit ops for thread_info->flags (fate#313296).\n\n - kgr: lower the workqueue scheduling timeout (fate#313296 bnc#905087).\n\n - kgr: mark even more kthreads (fate#313296 bnc#904871).\n\n - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft packages (bnc#901925)\n\nOther :\n\n - NFSv4: test SECINFO RPC_AUTH_GSS pseudoflavors for support (bnc#905758).\n\n - Enable cmac(aes) and cmac(3des_ede) for FIPS mode (bnc#905296 bnc#905772).\n\n - scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633).\n\n - powerpc/vphn: NUMA node code expects big-endian (bsc#900126).\n\n - net: fix checksum features handling in netif_skb_features() (bnc#891259).\n\n - be2net: Fix invocation of be_close() after be_clear() (bnc#895468).\n\n - PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898297).\n\n - PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898297).\n\n - PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898297).\n\n - PCI: pciehp: Make check_link_active() non-static (bnc#898297).\n\n - PCI: pciehp: Enable link state change notifications (bnc#898297).\n\n - ALSA: hda - Treat zero connection as non-error (bnc#902898).\n\n - bcache: add mutex lock for bch_is_open (bnc#902893).\n\n - futex: Fix a race condition between REQUEUE_PI 
and task death (bcn #851603 (futex scalability series)).\n\n - Linux 3.12.31 (bnc#895983 bnc#897912).\n\n - futex: Ensure get_futex_key_refs() always implies a barrier (bcn #851603 (futex scalability series)).\n\n - usbback: don't access request fields in shared ring more than once.\n\n - Update Xen patches to 3.12.30.\n\n - locking/rwsem: Avoid double checking before try acquiring write lock (Locking scalability.).\n\n - zcrypt: toleration of new crypto adapter hardware (bnc#894057, LTC#117041).\n\n - zcrypt: support for extended number of ap domains (bnc#894057, LTC#117041).\n\n - kABI: protect linux/fs.h include in mm/internal.h.\n\n - Linux 3.12.30 (FATE#315482 bnc#862957 bnc#863526 bnc#870498).\n\n - Update patches.fixes/xfs-mark-all-internal-workqueues-as-freeza ble.patch (bnc#899785).\n\n - xfs: mark all internal workqueues as freezable.\n\n - drm/i915: Move DP port disable to post_disable for pch platforms (bnc#899787).\n\n - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680).\n\n - Linux 3.12.29 (bnc#879255 bnc#880892 bnc#887046 bnc#887418 bnc#891619 bnc#892612 bnc#892650 bnc#897101).\n\n - iommu/vt-d: Work around broken RMRR firmware entries (bnc#892860).\n\n - iommu/vt-d: Store bus information in RMRR PCI device path (bnc#892860).\n\n - iommu/vt-d: Only remove domain when device is removed (bnc#883139).\n\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#883139).\n\n - Update config files: Re-enable CONFIG_FUNCTION_PROFILER (bnc#899489) Option FUNCTION_PROFILER was enabled in debug and trace kernels so far, but it was accidentally disabled before tracing features were merged into the default kernel and the trace flavor was discarded. So all kernels are missing the feature now. 
Re-enable it.\n\n - xfs: xlog_cil_force_lsn doesn't always wait correctly.\n\n - scsi: clear 'host_scribble' upon successful abort (bnc#894863).\n\n - module: warn if module init + probe takes long (bnc#889297 bnc#877622 bnc#889295 bnc#893454).\n\n - mm, THP: don't hold mmap_sem in khugepaged when allocating THP (bnc#880767, VM Performance).\n\n - pagecache_limit: batch large nr_to_scan targets (bnc#895221).\n\n - iommu/vt-d: Check return value of acpi_bus_get_device() (bnc#903307).\n\n - rpm/kernel-binary.spec.in: Fix including the secure boot cert in /etc/uefi/certs\n\n - sched: Reduce contention in update_cfs_rq_blocked_load() (Scheduler/core performance).\n\n - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)).\n\n - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)).\n\n - usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904354).\n\n - netxen: Fix link event handling (bnc#873228).\n\n - x86, cpu: Detect more TLB configuration -xen (TLB Performance).\n\n - x86/mm: Fix RCU splat from new TLB tracepoints (TLB Performance).\n\n - x86/mm: Set TLB flush tunable to sane value (33) (TLB Performance).\n\n - x86/mm: New tunable for single vs full TLB flush (TLB Performance).\n\n - x86/mm: Add tracepoints for TLB flushes (TLB Performance).\n\n - x86/mm: Unify remote INVLPG code (TLB Performance).\n\n - x86/mm: Fix missed global TLB flush stat (TLB Performance).\n\n - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB Performance).\n\n - x86, cpu: Detect more TLB configuration (TLB Performance).\n\n - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on IvyBridge (TLB Performance).\n\n - x86/mm: Clean up the TLB flushing code (TLB Performance).\n\n - mm: free compound page with correct order (VM Functionality).\n\n - bnx2x: Utilize FW 7.10.51 (bnc#887382).\n\n - bnx2x: Remove unnecessary internal mem config (bnc#887382).\n\n - 
rtnetlink: fix oops in rtnl_link_get_slave_info_data_size (bnc#901774).\n\n - dm: do not call dm_sync_table() when creating new devices (bnc#901809).\n\n - [media] uvc: Fix destruction order in uvc_delete() (bnc#897736).\n\n - uas: replace WARN_ON_ONCE() with lockdep_assert_held() (FATE#315595).\n\n - cxgb4/cxgb4vf: Add Devicde ID for two more adapter (bsc#903999).\n\n - cxgb4/cxgb4vf: Add device ID for new adapter and remove for dbg adapter (bsc#903999).\n\n - cxgb4: Adds device ID for few more Chelsio T4 Adapters (bsc#903999).\n\n - cxgb4: Check if rx checksum offload is enabled, while reading hardware calculated checksum (bsc#903999).\n\n - xen-pciback: drop SR-IOV VFs when PF driver unloads (bsc#901839).\n\nThis update also includes fixes contained in the Linux 3.12.stable release series, not separately listed here.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0068-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6405", "CVE-2014-3185", "CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-7826", "CVE-2014-7841", "CVE-2014-8133", "CVE-2014-9090", "CVE-2014-9322"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-0068-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83665", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0068-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83665);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-6405\", \"CVE-2014-3185\", \"CVE-2014-3610\", \"CVE-2014-3611\", \"CVE-2014-3647\", \"CVE-2014-3673\", \"CVE-2014-7826\", \"CVE-2014-7841\", 
\"CVE-2014-8133\", \"CVE-2014-9090\", \"CVE-2014-9322\");\n script_bugtraq_id(63999, 69781, 70742, 70743, 70748, 70883, 70971, 71081, 71250, 71684, 71685);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0068-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive\nvarious security and bugfixes.\n\nSecurity issues fixed: CVE-2014-9322: A local privilege escalation in\nthe x86_64 32bit compatibility signal handling was fixed, which could\nbe used by local attackers to crash the machine or execute code.\n\n - CVE-2014-9090: Various issues in LDT handling in 32bit\n compatibility mode on the x86_64 platform were fixed,\n where local attackers could crash the machine.\n\n - CVE-2014-8133: Insufficient validation of TLS register\n usage could leak information from the kernel stack to\n userspace.\n\n - CVE-2014-7826: kernel/trace/trace_syscalls.c in the\n Linux kernel did not properly handle private syscall\n numbers during use of the ftrace subsystem, which\n allowed local users to gain privileges or cause a denial\n of service (invalid pointer dereference) via a crafted\n application.\n\n - CVE-2014-3647: Nadav Amit reported that the KVM (Kernel\n Virtual Machine) mishandled noncanonical addresses when\n emulating instructions that change the rip (Instruction\n Pointer). A guest user with access to I/O or the MMIO\n could use this flaw to cause a denial of service (system\n crash) of the guest.\n\n - CVE-2014-3611: A race condition flaw was found in the\n way the Linux kernel's KVM subsystem handled PIT\n (Programmable Interval Timer) emulation. 
A guest user\n who has access to the PIT I/O ports could use this flaw\n to crash the host.\n\n - CVE-2014-3610: If the guest writes a noncanonical value\n to certain MSR registers, KVM will write that value to\n the MSR in the host context and a #GP will be raised\n leading to kernel panic. A privileged guest user could\n have used this flaw to crash the host.\n\n - CVE-2014-7841: A remote attacker could have used a flaw\n in SCTP to crash the system by sending a maliciously\n prepared SCTP packet in order to trigger a NULL pointer\n dereference on the server.\n\n - CVE-2014-3673: The SCTP implementation in the Linux\n kernel allowed remote attackers to cause a denial of\n service (system crash) via a malformed ASCONF chunk,\n related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c.\n\n - CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB\n Serial Driver in the Linux kernel allowed physically\n proximate attackers to execute arbitrary code or cause a\n denial of service (memory corruption and system crash)\n via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with a bulk response.\n\nBugs fixed: BTRFS :\n\n - btrfs: fix race that makes btrfs_lookup_extent_info miss\n skinny extent items (bnc#904077).\n\n - btrfs: fix invalid leaf slot access in\n btrfs_lookup_extent() (bnc#904077).\n\n - btrfs: avoid returning -ENOMEM in convert_extent_bit()\n too early (bnc#902016).\n\n - btrfs: make find_first_extent_bit be able to cache any\n state (bnc#902016).\n\n - btrfs: deal with convert_extent_bit errors to avoid fs\n corruption (bnc#902016).\n\n - btrfs: be aware of btree inode write errors to avoid fs\n corruption (bnc#899551).\n\n - btrfs: add missing end_page_writeback on\n submit_extent_page failure (bnc#899551).\n\n - btrfs: fix crash of btrfs_release_extent_buffer_page\n (bnc#899551).\n\n - btrfs: ensure readers see new data 
after a clone\n operation (bnc#898234).\n\n - btrfs: avoid visiting all extent items when cloning a\n range (bnc#898234).\n\n - btrfs: fix clone to deal with holes when NO_HOLES\n feature is enabled (bnc#898234).\n\n - btrfs: make fsync work after cloning into a file\n (bnc#898234).\n\n - btrfs: fix use-after-free when cloning a trailing file\n hole (bnc#898234).\n\n - btrfs: clone, don't create invalid hole extent map\n (bnc#898234).\n\n - btrfs: limit the path size in send to PATH_MAX\n (bnc#897770).\n\n - btrfs: send, fix more issues related to directory\n renames (bnc#897770).\n\n - btrfs: send, remove dead code from\n __get_cur_name_and_parent (bnc#897770).\n\n - btrfs: send, account for orphan directories when\n building path strings (bnc#897770).\n\n - btrfs: send, avoid unnecessary inode item lookup in the\n btree (bnc#897770).\n\n - btrfs: send, fix incorrect ref access when using extrefs\n (bnc#897770).\n\n - btrfs: send, build path string only once in send_hole\n (bnc#897770).\n\n - btrfs: part 2, fix incremental send's decision to delay\n a dir move/rename (bnc#897770).\n\n - btrfs: fix incremental send's decision to delay a dir\n move/rename (bnc#897770).\n\n - btrfs: remove unnecessary inode generation lookup in\n send (bnc#897770).\n\n - btrfs: avoid unnecessary utimes update in incremental\n send (bnc#897770).\n\n - btrfs: fix send issuing outdated paths for utimes, chown\n and chmod (bnc#897770).\n\n - btrfs: fix send attempting to rmdir non-empty\n directories (bnc#897770).\n\n - btrfs: send, don't send rmdir for same target multiple\n times (bnc#897770).\n\n - btrfs: incremental send, fix invalid path after dir\n rename (bnc#897770).\n\n - btrfs: fix assert screwup for the pending move stuff\n (bnc#897770).\n\n - btrfs: make some tree searches in send.c more efficient\n (bnc#897770).\n\n - btrfs: use right extent item position in send when\n finding extent clones (bnc#897770).\n\n - btrfs: more send support for parent/child dir\n relationship 
inversion (bnc#897770).\n\n - btrfs: fix send dealing with file renames and directory\n moves (bnc#897770).\n\n - btrfs: add missing error check in incremental send\n (bnc#897770).\n\n - btrfs: make send's file extent item search more\n efficient (bnc#897770).\n\n - btrfs: fix infinite path build loops in incremental send\n (bnc#897770).\n\n - btrfs: send, don't delay dir move if there's a new\n parent inode (bnc#897770).\n\n - btrfs: add helper btrfs_fdatawrite_range (bnc#902010).\n\n - btrfs: correctly flush compressed data before/after\n direct IO (bnc#902010).\n\n - btrfs: make inode.c:compress_file_range() return void\n (bnc#902010).\n\n - btrfs: report error after failure inlining extent in\n compressed write path (bnc#902010).\n\n - btrfs: don't ignore compressed bio write errors\n (bnc#902010).\n\n - btrfs: make inode.c:submit_compressed_extents() return\n void (bnc#902010).\n\n - btrfs: process all async extents on compressed write\n failure (bnc#902010).\n\n - btrfs: don't leak pages and memory on compressed write\n error (bnc#902010).\n\n - btrfs: fix hang on compressed write error (bnc#902010).\n\n - btrfs: set page and mapping error on compressed write\n failure (bnc#902010).\n\n - btrfs: fix kfree on list_head in\n btrfs_lookup_csums_range error cleanup (bnc#904115).\n\nHyper-V :\n\n - hyperv: Fix a bug in netvsc_send().\n\n - hyperv: Fix a bug in netvsc_start_xmit().\n\n - drivers: hv: vmbus: Enable interrupt driven flow\n control.\n\n - drivers: hv: vmbus: Properly protect calls to\n smp_processor_id().\n\n - drivers: hv: vmbus: Cleanup hv_post_message().\n\n - drivers: hv: vmbus: Cleanup vmbus_close_internal().\n\n - drivers: hv: vmbus: Fix a bug in vmbus_open().\n\n - drivers: hv: vmbus: Cleanup vmbus_establish_gpadl().\n\n - drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl().\n\n - drivers: hv: vmbus: Cleanup vmbus_post_msg().\n\n - storvsc: get rid of overly verbose warning messages.\n\n - hyperv: NULL dereference on error.\n\n - hyperv: 
Increase the buffer length for\n netvsc_channel_cb().\n\nzSeries / S390 :\n\n - s390: pass march flag to assembly files as well\n (bnc#903279, LTC#118177).\n\n - kernel: reduce function tracer overhead (bnc#903279,\n LTC#118177).\n\n - SUNRPC: Handle EPIPE in xprt_connect_status\n (bnc#901090).\n\n - SUNRPC: Ensure that we handle ENOBUFS errors correctly\n (bnc#901090).\n\n - SUNRPC: Ensure call_connect_status() deals correctly\n with SOFTCONN tasks (bnc#901090).\n\n - SUNRPC: Ensure that call_connect times out correctly\n (bnc#901090).\n\n - SUNRPC: Handle connect errors ECONNABORTED and\n EHOSTUNREACH (bnc#901090).\n\n - SUNRPC: Ensure xprt_connect_status handles all potential\n connection errors (bnc#901090).\n\n - SUNRPC: call_connect_status should recheck bind and\n connect status on error (bnc#901090).\n\nkGraft :\n\n - kgr: force patching process to succeed (fate#313296).\n\n - kgr: usb-storage, mark kthread safe (fate#313296\n bnc#899908).\n\n - Refresh patches.suse/kgr-0039-kgr-fix-ugly-race.patch.\n Fix few bugs, and also races (immutable vs\n mark_processes vs other threads).\n\n - kgr: always use locked bit ops for thread_info->flags\n (fate#313296).\n\n - kgr: lower the workqueue scheduling timeout (fate#313296\n bnc#905087).\n\n - kgr: mark even more kthreads (fate#313296 bnc#904871).\n\n - rpm/kernel-binary.spec.in: Provide name-version-release\n for kgraft packages (bnc#901925)\n\nOther :\n\n - NFSv4: test SECINFO RPC_AUTH_GSS pseudoflavors for\n support (bnc#905758).\n\n - Enable cmac(aes) and cmac(3des_ede) for FIPS mode\n (bnc#905296 bnc#905772).\n\n - scsi_dh_alua: disable ALUA handling for non-disk devices\n (bnc#876633).\n\n - powerpc/vphn: NUMA node code expects big-endian\n (bsc#900126).\n\n - net: fix checksum features handling in\n netif_skb_features() (bnc#891259).\n\n - be2net: Fix invocation of be_close() after be_clear()\n (bnc#895468).\n\n - PCI: pciehp: Clear Data Link Layer State Changed during\n init (bnc#898297).\n\n - PCI: 
pciehp: Use symbolic constants, not hard-coded\n bitmask (bnc#898297).\n\n - PCI: pciehp: Use link change notifications for hot-plug\n and removal (bnc#898297).\n\n - PCI: pciehp: Make check_link_active() non-static\n (bnc#898297).\n\n - PCI: pciehp: Enable link state change notifications\n (bnc#898297).\n\n - ALSA: hda - Treat zero connection as non-error\n (bnc#902898).\n\n - bcache: add mutex lock for bch_is_open (bnc#902893).\n\n - futex: Fix a race condition between REQUEUE_PI and task\n death (bcn #851603 (futex scalability series)).\n\n - Linux 3.12.31 (bnc#895983 bnc#897912).\n\n - futex: Ensure get_futex_key_refs() always implies a\n barrier (bcn #851603 (futex scalability series)).\n\n - usbback: don't access request fields in shared ring more\n than once.\n\n - Update Xen patches to 3.12.30.\n\n - locking/rwsem: Avoid double checking before try\n acquiring write lock (Locking scalability.).\n\n - zcrypt: toleration of new crypto adapter hardware\n (bnc#894057, LTC#117041).\n\n - zcrypt: support for extended number of ap domains\n (bnc#894057, LTC#117041).\n\n - kABI: protect linux/fs.h include in mm/internal.h.\n\n - Linux 3.12.30 (FATE#315482 bnc#862957 bnc#863526\n bnc#870498).\n\n - Update\n patches.fixes/xfs-mark-all-internal-workqueues-as-freeza\n ble.patch (bnc#899785).\n\n - xfs: mark all internal workqueues as freezable.\n\n - drm/i915: Move DP port disable to post_disable for pch\n platforms (bnc#899787).\n\n - pagecachelimit: reduce lru_lock congestion for heavy\n parallel reclaim fix (bnc#895680).\n\n - Linux 3.12.29 (bnc#879255 bnc#880892 bnc#887046\n bnc#887418 bnc#891619 bnc#892612 bnc#892650 bnc#897101).\n\n - iommu/vt-d: Work around broken RMRR firmware entries\n (bnc#892860).\n\n - iommu/vt-d: Store bus information in RMRR PCI device\n path (bnc#892860).\n\n - iommu/vt-d: Only remove domain when device is removed\n (bnc#883139).\n\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event\n (bnc#883139).\n\n - Update config files: Re-enable 
CONFIG_FUNCTION_PROFILER\n (bnc#899489) Option FUNCTION_PROFILER was enabled in\n debug and trace kernels so far, but it was accidentally\n disabled before tracing features were merged into the\n default kernel and the trace flavor was discarded. So\n all kernels are missing the feature now. Re-enable it.\n\n - xfs: xlog_cil_force_lsn doesn't always wait correctly.\n\n - scsi: clear 'host_scribble' upon successful abort\n (bnc#894863).\n\n - module: warn if module init + probe takes long\n (bnc#889297 bnc#877622 bnc#889295 bnc#893454).\n\n - mm, THP: don't hold mmap_sem in khugepaged when\n allocating THP (bnc#880767, VM Performance).\n\n - pagecache_limit: batch large nr_to_scan targets\n (bnc#895221).\n\n - iommu/vt-d: Check return value of acpi_bus_get_device()\n (bnc#903307).\n\n - rpm/kernel-binary.spec.in: Fix including the secure boot\n cert in /etc/uefi/certs\n\n - sched: Reduce contention in update_cfs_rq_blocked_load()\n (Scheduler/core performance).\n\n - x86: use optimized ioresource lookup in ioremap function\n (Boot time optimisations (bnc#895387)).\n\n - x86: optimize resource lookups for ioremap (Boot time\n optimisations (bnc#895387)).\n\n - usb: Do not re-read descriptors for wired devices in\n usb_authorize_device() (bnc#904354).\n\n - netxen: Fix link event handling (bnc#873228).\n\n - x86, cpu: Detect more TLB configuration -xen (TLB\n Performance).\n\n - x86/mm: Fix RCU splat from new TLB tracepoints (TLB\n Performance).\n\n - x86/mm: Set TLB flush tunable to sane value (33) (TLB\n Performance).\n\n - x86/mm: New tunable for single vs full TLB flush (TLB\n Performance).\n\n - x86/mm: Add tracepoints for TLB flushes (TLB\n Performance).\n\n - x86/mm: Unify remote INVLPG code (TLB Performance).\n\n - x86/mm: Fix missed global TLB flush stat (TLB\n Performance).\n\n - x86/mm: Rip out complicated, out-of-date, buggy TLB\n flushing (TLB Performance).\n\n - x86, cpu: Detect more TLB configuration (TLB\n Performance).\n\n - mm, x86: Revisit 
tlb_flushall_shift tuning for page\n flushes except on IvyBridge (TLB Performance).\n\n - x86/mm: Clean up the TLB flushing code (TLB\n Performance).\n\n - mm: free compound page with correct order (VM\n Functionality).\n\n - bnx2x: Utilize FW 7.10.51 (bnc#887382).\n\n - bnx2x: Remove unnecessary internal mem config\n (bnc#887382).\n\n - rtnetlink: fix oops in\n rtnl_link_get_slave_info_data_size (bnc#901774).\n\n - dm: do not call dm_sync_table() when creating new\n devices (bnc#901809).\n\n - [media] uvc: Fix destruction order in uvc_delete()\n (bnc#897736).\n\n - uas: replace WARN_ON_ONCE() with lockdep_assert_held()\n (FATE#315595).\n\n - cxgb4/cxgb4vf: Add Devicde ID for two more adapter\n (bsc#903999).\n\n - cxgb4/cxgb4vf: Add device ID for new adapter and remove\n for dbg adapter (bsc#903999).\n\n - cxgb4: Adds device ID for few more Chelsio T4 Adapters\n (bsc#903999).\n\n - cxgb4: Check if rx checksum offload is enabled, while\n reading hardware calculated checksum (bsc#903999).\n\n - xen-pciback: drop SR-IOV VFs when PF driver unloads\n (bsc#901839).\n\nThis update also includes fixes contained in the Linux 3.12.stable\nrelease series, not separately listed here.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=851603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=853040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=860441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=862957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=863526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=870498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=873228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=874025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=877622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=879255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=880767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=880892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=881085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=883139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=887046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=887382\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=887418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=889295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=889297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=891259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=891619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=892254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=892612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=892650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=892860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=893454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=894057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=894863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895983\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=896391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=901925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=905772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-6405/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3610/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3611/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7826/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7841/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9090/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9322/\"\n );\n # 
https://www.suse.com/support/update/announcement/2015/suse-su-20150068-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c7a8e72\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-21\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-21\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-21\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-21\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-21\n\nSUSE Linux Enterprise Build System Kit 12 :\n\nzypper in -t patch SUSE-SLE-BSK-12-2015-21\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n scr