Vulnerabilities > CVE-2006-1056 - Cryptographic Issues vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. Upgrade to Linux Kernel version 2.6.16.9 : http://www.kernel.org/
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0042.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a #GP to occur upon passing the inputs to XSETBV inside the hypervisor. This is CVE-2013-2078 / XSA-54. (CVE-2013-2078) - x86/xsave: recover from faults on XRSTOR Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed to it in the memory block (i.e. aspects not under the control of the hypervisor, other than e.g. proper alignment of the block). Also correct the comment explaining why FXRSTOR needs exception recovery code to not wrongly state that this can only be a result of the control tools passing a bad image. This is CVE-2013-2077 / XSA-53. (CVE-2013-2077) - x86/xsave: fix information leak on AMD CPUs Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don last seen 2020-06-01 modified 2020-06-02 plugin id 79510 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79510 title OracleVM 3.2 : xen (OVMSA-2013-0042) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2013-0042. # include("compat.inc"); if (description) { script_id(79510); script_version("1.3"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2006-1056", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078"); script_bugtraq_id(17600, 60277, 60278, 60282); script_name(english:"OracleVM 3.2 : xen (OVMSA-2013-0042)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a #GP to occur upon passing the inputs to XSETBV inside the hypervisor. This is CVE-2013-2078 / XSA-54. (CVE-2013-2078) - x86/xsave: recover from faults on XRSTOR Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed to it in the memory block (i.e. aspects not under the control of the hypervisor, other than e.g. proper alignment of the block). Also correct the comment explaining why FXRSTOR needs exception recovery code to not wrongly state that this can only be a result of the control tools passing a bad image. This is CVE-2013-2077 / XSA-53. (CVE-2013-2077) - x86/xsave: fix information leak on AMD CPUs Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore the last instruction and operand pointers as well as the last opcode if there's no pending unmasked exception (see CVE-2006-1056 and commit 9747:4d667a139318). While the FXSR solution sits in the save path, I prefer to have this in the restore path because there the handling is simpler (namely in the context of the pending changes to properly save the selector values for 32-bit guest code). Also this is using FFREE instead of EMMS, as it doesn't seem unlikely that in the future we may see CPUs with x87 and SSE/AVX but no MMX support. The goal here anyway is just to avoid an FPU stack overflow. I would have preferred to use FFREEP instead of FFREE (freeing two stack slots at once), but AMD doesn't document that instruction. This is CVE-2013-2076 / XSA-52. (CVE-2013-2076)" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-June/000155.html" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.6.13")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.6.13")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.6.13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0043.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/xsave: properly check guest input to XSETBV Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a #GP to occur upon passing the inputs to XSETBV inside the hypervisor. This is CVE-2013-2078 / XSA-54. (CVE-2013-2078) - 86/xsave: recover from faults on XRSTOR Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed to it in the memory block (i.e. aspects not under the control of the hypervisor, other than e.g. proper alignment of the block). Also correct the comment explaining why FXRSTOR needs exception recovery code to not wrongly state that this can only be a result of the control tools passing a bad image. This is CVE-2013-2077 / XSA-53. (CVE-2013-2077) - x86/xsave: fix information leak on AMD CPUs Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don last seen 2020-06-01 modified 2020-06-02 plugin id 79511 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79511 title OracleVM 3.1 : xen (OVMSA-2013-0043) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2013-0043. # include("compat.inc"); if (description) { script_id(79511); script_version("1.3"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2006-1056", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078"); script_bugtraq_id(17600, 60277, 60278, 60282); script_name(english:"OracleVM 3.1 : xen (OVMSA-2013-0043)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - x86/xsave: properly check guest input to XSETBV Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a #GP to occur upon passing the inputs to XSETBV inside the hypervisor. This is CVE-2013-2078 / XSA-54. (CVE-2013-2078) - 86/xsave: recover from faults on XRSTOR Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed to it in the memory block (i.e. aspects not under the control of the hypervisor, other than e.g. proper alignment of the block). Also correct the comment explaining why FXRSTOR needs exception recovery code to not wrongly state that this can only be a result of the control tools passing a bad image. This is CVE-2013-2077 / XSA-53. (CVE-2013-2077) - x86/xsave: fix information leak on AMD CPUs Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore the last instruction and operand pointers as well as the last opcode if there's no pending unmasked exception (see CVE-2006-1056 and commit 9747:4d667a139318). While the FXSR solution sits in the save path, I prefer to have this in the restore path because there the handling is simpler (namely in the context of the pending changes to properly save the selector values for 32-bit guest code). Also this is using FFREE instead of EMMS, as it doesn't seem unlikely that in the future we may see CPUs with x87 and SSE/AVX but no MMX support. The goal here anyway is just to avoid an FPU stack overflow. I would have preferred to use FFREEP instead of FFREE (freeing two stack slots at once), but AMD doesn't document that instruction. This is CVE-2013-2076 / XSA-52. (CVE-2013-2076)" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-June/000156.html" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.1" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.1", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.1", reference:"xen-4.1.2-18.el5.54")) flag++; if (rpm_check(release:"OVS3.1", reference:"xen-devel-4.1.2-18.el5.54")) flag++; if (rpm_check(release:"OVS3.1", reference:"xen-tools-4.1.2-18.el5.54")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-302-1.NASL description An integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu last seen 2020-06-01 modified 2020-06-02 plugin id 27877 published 2007-11-10 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27877 title Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/2.6.12/2.6.15 vulnerabilities (USN-302-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-302-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(27877); script_version("1.22"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2006-0038", "CVE-2006-0744", "CVE-2006-1055", "CVE-2006-1056", "CVE-2006-1522", "CVE-2006-1527", "CVE-2006-1528", "CVE-2006-1855", "CVE-2006-1856", "CVE-2006-1857", "CVE-2006-1858", "CVE-2006-1859", "CVE-2006-1860", "CVE-2006-1863", "CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2271", "CVE-2006-2272", "CVE-2006-2274", "CVE-2006-2275", "CVE-2006-2444"); script_bugtraq_id(17600, 18081); script_xref(name:"USN", value:"302-1"); script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/2.6.12/2.6.15 vulnerabilities (USN-302-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "An integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu's supported packages use this capability with any non-root user, so this only affects you if you use some third party software like the OpenVZ virtualization system. (CVE-2006-0038) On EMT64 CPUs, the kernel did not properly handle uncanonical return addresses. A local user could exploit this to trigger a kernel crash. (CVE-2006-0744) Al Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block with a length exactly equal to the processor's page size to any writable file in /sys, a local attacker could cause a kernel crash. (CVE-2006-1055) Jan Beulich discovered an information leak in the handling of registers for the numeric coprocessor when running on AMD processors. This allowed processes to see the coprocessor execution state of other processes, which could reveal sensitive data in the case of cryptographic computations. (CVE-2006-1056) Marcel Holtmann discovered that the sys_add_key() did not check that a new user key is added to a proper keyring. By attempting to add a key to a normal user key (which is not a keyring), a local attacker could exploit this to crash the kernel. (CVE-2006-1522) Ingo Molnar discovered that the SCTP protocol connection tracking module in netfilter got stuck in an infinite loop on certain empty packet chunks. A remote attacker could exploit this to cause the computer to hang. (CVE-2006-1527) The SCSI I/O driver did not correctly handle the VM_IO flag for memory mapped pages used for data transfer. A local user could exploit this to cause a kernel crash. (CVE-2006-1528) The choose_new_parent() contained obsolete debugging code. A local user could exploit this to cause a kernel crash. (CVE-2006-1855) Kostik Belousov discovered that the readv() and writev() functions did not query LSM modules for access permission. This could be exploited to circumvent access restrictions defined by LSM modules such as SELinux or AppArmor. (CVE-2006-1856) The SCTP driver did not properly verify certain parameters when receiving a HB-ACK chunk. By sending a specially crafted packet to an SCTP socket, a remote attacker could exploit this to trigger a buffer overflow, which could lead to a crash or possibly even arbitrary code execution. (CVE-2006-1857) The sctp_walk_params() function in the SCTP driver incorrectly used rounded values for bounds checking instead of the precise values. By sending a specially crafted packet to an SCTP socket, a remote attacker could exploit this to crash the kernel. (CVE-2006-1858) Bjoern Steinbrink reported a memory leak in the __setlease() function. A local attacker could exploit this to exhaust kernel memory and render the computer unusable (Denial of Service). (CVE-2006-1859) Daniel Hokka Zakrisson discovered that the lease_init() did not properly handle locking. A local attacker could exploit this to cause a kernel deadlock (Denial of Service). (CVE-2006-1860) Mark Moseley discovered that the CIFS file system driver did not filter out '..\\' path components. A local attacker could exploit this to break out of a chroot environment on a mounted SMB share. (CVE-2006-1863) The same vulnerability applies to the older smb file system. (CVE-2006-1864) Hugh Dickins discovered that the mprotect() function allowed an user to change a read-only shared memory attachment to become writable, which bypasses IPC (inter-process communication) permissions. (CVE-2006-2071) The SCTP (Stream Control Transmission Protocol) driver triggered a kernel panic on unexpected packets while the session was in the CLOSED state, instead of silently ignoring the packets. A remote attacker could exploit this to crash the computer. (CVE-2006-2271) The SCTP driver did not handle control chunks if they arrived in fragmented packets. By sending specially crafted packets to an SCTP socket, a remote attacker could exploit this to crash the target machine. (CVE-2006-2272) The SCTP driver did not correctly handle packets containing more than one DATA fragment. By sending specially crafted packets to an SCTP socket, a remote attacker could exploit this to crash the target machine. (CVE-2006-2274) The SCTP driver did not correcly buffer incoming packets. By sending a large number of small messages to a receiver application that cannot process the messages quickly enough, a remote attacker could exploit this to cause a deadlock in the target machine (Denial of Service). (CVE-2006-2275) Patrick McHardy discovered that the snmp_trap_decode() function did not correctly handle memory allocation in some error conditions. By sending specially crafted packets to a machine which uses the SNMP network address translation (NAT), a remote attacker could exploit this to crash that machine. (CVE-2006-2444) In addition, the Ubuntu 6.06 LTS update fixes a range of bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/302-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-25"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-control"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/22"); script_set_attribute(attribute:"patch_publication_date", value:"2006/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.04|5\.10|6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2006-0038", "CVE-2006-0744", "CVE-2006-1055", "CVE-2006-1056", "CVE-2006-1522", "CVE-2006-1527", "CVE-2006-1528", "CVE-2006-1855", "CVE-2006-1856", "CVE-2006-1857", "CVE-2006-1858", "CVE-2006-1859", "CVE-2006-1860", "CVE-2006-1863", "CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2271", "CVE-2006-2272", "CVE-2006-2274", "CVE-2006-2275", "CVE-2006-2444"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-302-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"5.04", pkgname:"linux-doc-2.6.10", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-386", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686-smp", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-386", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686-smp", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-patch-ubuntu-2.6.10", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-source-2.6.10", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-tree-2.6.10", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-doc-2.6.12", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-386", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686-smp", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-386", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686-smp", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-patch-ubuntu-2.6.12", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-source-2.6.12", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-tree-2.6.12", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware-2.6.15-25", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-kernel-source", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"fglrx-control", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"fglrx-kernel-source", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-386", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-686", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-686-smp", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-generic", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-k8", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-k8-smp", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-xeon", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-doc", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-doc-2.6.15", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-386", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-686", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-generic", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-k8", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-server", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-xeon", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-server", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-386", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-686", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-generic", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-k8", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-xeon", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-386", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-686", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-generic", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-k8", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-server", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-xeon", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-server", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-386", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-686", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-generic", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-k8", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-xeon", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-kernel-devel", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-386", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-686", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-generic", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-k8", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-xeon", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-386", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-686", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-generic", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-k8", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-xeon", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-common", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-source", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-source-2.6.15", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-dev", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy-dev", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-kernel-source", pkgver:"1.0.8762+2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-legacy-kernel-source", pkgver:"1.0.7174+2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx-dev", pkgver:"2.6.15.11-2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avm-fritz-firmware / avm-fritz-firmware-2.6.15-25 / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0579.NASL description Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures) This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate) * a flaw in ROSE due to missing verification of the ndigis argument of new routes (CVE-2005-3273, moderate) * an info leak on AMD-based x86 systems that allowed a local user to retrieve the floating point exception state of a process run by a different user (CVE-2006-1056, important) * a minor info leak in socket name handling in the network code (CVE-2006-1342, low) * a minor info leak in socket option handling in the network code (CVE-2006-1343, low) * a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via last seen 2020-06-01 modified 2020-06-02 plugin id 22054 published 2006-07-17 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22054 title RHEL 2.1 : kernel (RHSA-2006:0579) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0579. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(22054); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2005-3055", "CVE-2005-3273", "CVE-2006-1056", "CVE-2006-1342", "CVE-2006-1343", "CVE-2006-1864", "CVE-2006-2071"); script_bugtraq_id(17600); script_xref(name:"RHSA", value:"2006:0579"); script_name(english:"RHEL 2.1 : kernel (RHSA-2006:0579)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures) This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate) * a flaw in ROSE due to missing verification of the ndigis argument of new routes (CVE-2005-3273, moderate) * an info leak on AMD-based x86 systems that allowed a local user to retrieve the floating point exception state of a process run by a different user (CVE-2006-1056, important) * a minor info leak in socket name handling in the network code (CVE-2006-1342, low) * a minor info leak in socket option handling in the network code (CVE-2006-1343, low) * a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via '..\\' sequences (CVE-2006-1864, moderate) * a flaw in the mprotect system call that allowed to give write permission to a readonly attachment of shared memory (CVE-2006-2071, moderate) A performance bug in the NFS implementation that caused clients to frequently pause when sending TCP segments during heavy write loads was also addressed. All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to these updated packages, which contain backported fixes to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3055" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3273" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-1056" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-1342" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-1343" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-1864" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-2071" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2006:0579" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-enterprise"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-summit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/26"); script_set_attribute(attribute:"patch_publication_date", value:"2006/07/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2005-3055", "CVE-2005-3273", "CVE-2006-1056", "CVE-2006-1342", "CVE-2006-1343", "CVE-2006-1864", "CVE-2006-2071"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2006:0579"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2006:0579"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-2.4.9-e.70")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-BOOT-2.4.9-e.70")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-debug-2.4.9-e.70")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-doc-2.4.9-e.70")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-enterprise-2.4.9-e.70")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-headers-2.4.9-e.70")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-smp-2.4.9-e.70")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-source-2.4.9-e.70")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-summit-2.4.9-e.70")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-debug / kernel-doc / etc"); } }NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0446-1.NASL description The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to last seen 2020-06-05 modified 2015-05-20 plugin id 83616 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83616 title SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:0446-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83616); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6885", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894"); script_bugtraq_id(17600, 22967, 55410, 55442, 56289, 56498, 56794, 56796, 56797, 56798, 56803, 57159, 57223, 57420, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60282, 60701, 60702, 60703, 60721, 60799, 61424, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 65419); script_name(english:"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to 'deep page table traversal.' (bnc#826882) XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possible gain privileges via unspecified vectors. (bnc#826882) XSA-57: CVE-2013-2211: The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors. (bnc#823608) XSA-56: CVE-2013-2072: Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. (bnc#819416) XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to 'other problems' that are not CVE-2013-2194 or CVE-2013-2195. (bnc#823011) XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to 'pointer dereferences' involving unexpected calculations. (bnc#823011) XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. (bnc#823011) XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. (bnc#820919) XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. (bnc#820917) XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. (bnc#816156) XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. (bnc#816163) XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running 'under memory pressure' and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. (bnc#813677) XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to 'passed-through IRQs or PCI devices.' (bnc#813675) XSA-45: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to 'deep page table traversal.' (bnc#816159) XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. (bnc#813673) XSA-41: CVE-2012-6075: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. (bnc#797523) XSA-37: CVE-2013-0154: The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall. (bnc#797031) XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. (bnc#800275) XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. (bnc#794316) XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. (bnc#789950) XSA-30: CVE-2012-5514: The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. (bnc#789948) XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. (bnc#789951) XSA-27: CVE-2012-6333: Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. (bnc#789944) XSA-27: CVE-2012-5511: Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. (bnc#789944) XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. (bnc#789945) XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. (bnc#787163) XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka 'Grant table hypercall infinite loop DoS vulnerability.' (bnc#786520) XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. (bnc#786519) XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka 'Memory mapping failure DoS vulnerability.' (bnc#786517) XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an 'inappropriate deadline.' (bnc#786516) XSA-19: CVE-2012-4411: The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. (bnc#779212) XSA-15: CVE-2012-3497: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. (bnc#777890) Also the following non-security bugs have been fixed : - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch. (bnc#805094) - guest 'disappears' after live migration Updated block-dmmd script. (bnc#777628) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b3fed2ec" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-1056.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-0998.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3497.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4411.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4535.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4537.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4538.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4539.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4544.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5510.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5511.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5513.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5514.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5634.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6075.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6333.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0153.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0154.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1432.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1442.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1917.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1918.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1919.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1920.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1952.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1964.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2072.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2076.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2077.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2194.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2195.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2196.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2211.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2212.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4329.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4355.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4361.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4368.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4494.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4553.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4554.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6885.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1891.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1892.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1893.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1894.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/777628" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/777890" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/779212" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786517" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786519" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/787163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789944" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789945" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789948" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789951" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/794316" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/797031" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/797523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/800275" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/805094" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813673" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813677" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816159" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/819416" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820917" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823608" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/826882" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/831120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839596" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/840592" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/841766" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/842511" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848657" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849667" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853049" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/860163" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20140446-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e4176238" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11 SP1 LTSS : zypper in -t patch slessp1-xen-201402-8963 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }NASL family Fedora Local Security Checks NASL id FEDORA_2006-423.NASL description This update includes a number of security issues that have been fixed upstream over the last week or so. i386/x86-64: Fix x87 information leak between processes (CVE-2006-1056) ip_route_input panic fix (CVE-2006-1525) fix MADV_REMOVE vulnerability (CVE-2006-1524) shmat: stop mprotect from giving write permission to a readonly attachment (CVE-2006-1524) Fix MPBL0010 driver insecure sysfs permissions x86_64: When user could have changed RIP always force IRET (CVE-2006-0744) Fix RCU signal handling Keys: Fix oops when adding key to non-keyring (CVE-2006-1522) sysfs: zero terminate sysfs write buffers (CVE-2006-1055) It also includes various other fixes from the -stable tree. Full changelogs are available from : http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.4 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21253 published 2006-04-21 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21253 title Fedora Core 4 : kernel-2.6.16-1.2096_FC4 (2006-423) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0068.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 84140 published 2015-06-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84140 title OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1103.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3359 Franz Filz discovered that some socket calls permit causing inconsistent reference counts on loadable modules, which allows local users to cause a denial of service. - CVE-2006-0038 last seen 2020-06-01 modified 2020-06-02 plugin id 22645 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22645 title Debian DSA-1103-1 : kernel-source-2.6.8 - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0575.NASL description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the fourth regular update to Red Hat Enterprise Linux 4. New features introduced in this update include : * Device Mapper mirroring support * IDE diskdump support * x86, AMD64 and Intel EM64T: Multi-core scheduler support enhancements * Itanium: perfmon support for Montecito * much improved support for IBM x460 * AMD PowerNow! patches to support Opteron Rev G * Vmalloc support > 64MB The following device drivers have been upgraded to new versions : ipmi: 33.11 to 33.13 ib_mthca: 0.06 to 0.08 bnx2: 1.4.30 to 1.4.38 bonding: 2.6.1 to 2.6.3 e100: 3.4.8-k2-NAPI to 3.5.10-k2-NAPI e1000: 6.1.16-k3-NAPI to 7.0.33-k2-NAPI sky2: 0.13 to 1.1 tg3: 3.43-rh to 3.52-rh ipw2100: 1.1.0 to git-1.1.4 ipw2200: 1.0.0 to git-1.0.10 3w-9xxx: 2.26.02.001 to 2.26.04.010 ips: 7.10.18 to 7.12.02 iscsi_sfnet: 4:0.1.11-2 to 4:0.1.11-3 lpfc: 0:8.0.16.18 to 0:8.0.16.27 megaraid_sas: 00.00.02.00 to 00.00.02.03-RH1 qla2xxx: 8.01.02-d4 to 8.01.04-d7 qla6312: 8.01.02-d4 to 8.01.04-d7 sata_promise: 1.03 to 1.04 sata_vsc: 1.1 to 1.2 ibmvscsic: 1.5.5 to 1.5.6 ipr: 2.0.11.1 to 2.0.11.2 Added drivers : dcdbas: 5.6.0-2 sata_mv: 0.6 sata_qstor: 0.05 sata_uli: 0.5 skge: 1.1 stex: 2.9.0.13 pdc_adma: 0.03 This update includes fixes for the security issues : * a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate) * a flaw in the ACL handling of nfsd that allowed a remote user to bypass ACLs for readonly mounted NFS file systems (CVE-2005-3623, moderate) * a flaw in the netfilter handling that allowed a local user with CAP_NET_ADMIN rights to cause a buffer overflow (CVE-2006-0038, low) * a flaw in the IBM S/390 and IBM zSeries strnlen_user() function that allowed a local user to cause a denial of service (crash) or to retrieve random kernel data (CVE-2006-0456, important) * a flaw in the keyctl functions that allowed a local user to cause a denial of service (crash) or to read sensitive kernel memory (CVE-2006-0457, important) * a flaw in unaligned accesses handling on Itanium processors that allowed a local user to cause a denial of service (crash) (CVE-2006-0742, important) * a flaw in SELinux ptrace logic that allowed a local user with ptrace permissions to change the tracer SID to a SID of another process (CVE-2006-1052, moderate) * an info leak on AMD-based x86 and x86_64 systems that allowed a local user to retrieve the floating point exception state of a process run by a different user (CVE-2006-1056, important) * a flaw in IPv4 packet output handling that allowed a remote user to bypass the zero IP ID countermeasure on systems with a disabled firewall (CVE-2006-1242, low) * a minor info leak in socket option handling in the network code (CVE-2006-1343, low) * a flaw in the HB-ACK chunk handling of SCTP that allowed a remote user to cause a denial of service (crash) (CVE-2006-1857, moderate) * a flaw in the SCTP implementation that allowed a remote user to cause a denial of service (deadlock) (CVE-2006-2275, moderate) * a flaw in the socket buffer handling that allowed a remote user to cause a denial of service (panic) (CVE-2006-2446, important) * a flaw in the signal handling access checking on PowerPC that allowed a local user to cause a denial of service (crash) or read arbitrary kernel memory on 64-bit systems (CVE-2006-2448, important) * a flaw in the netfilter SCTP module when receiving a chunkless packet that allowed a remote user to cause a denial of service (crash) (CVE-2006-2934, important) There were several bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. last seen 2020-06-01 modified 2020-06-02 plugin id 22221 published 2006-08-14 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22221 title RHEL 4 : kernel (RHSA-2006:0575) NASL family Fedora Local Security Checks NASL id FEDORA_2006-421.NASL description This update includes a number of security issues that have been fixed upstream over the last week or so. i386/x86-64: Fix x87 information leak between processes (CVE-2006-1056) ip_route_input panic fix (CVE-2006-1525) fix MADV_REMOVE vulnerability (CVE-2006-1524) shmat: stop mprotect from giving write permission to a readonly attachment (CVE-2006-1524) Fix MPBL0010 driver insecure sysfs permissions x86_64: When user could have changed RIP always force IRET (CVE-2006-0744) Fix RCU signal handling Keys: Fix oops when adding key to non-keyring (CVE-2006-1522) sysfs: zero terminate sysfs write buffers (CVE-2006-1055) It also includes various other fixes from the -stable tree. Full changelogs are available from : http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.4 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21252 published 2006-04-21 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21252 title Fedora Core 5 : kernel-2.6.16-1.2096_FC5 (2006-421) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0437.NASL description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the eighth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the eighth regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include : - addition of the adp94xx and dcdbas device drivers - diskdump support on megaraid_sas, qlogic, and swap partitions - support for new hardware via driver and SCSI white-list updates There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3. There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include the networking subsystem, the NFS and autofs4 file systems, the SCSI and USB subsystems, and architecture-specific handling affecting AMD Opteron and Intel EM64T processors. The following device drivers have been added or upgraded to new versions : adp94xx -------- 1.0.8 (new) bnx2 ----------- 1.4.38 cciss ---------- 2.4.60.RH1 dcdbas --------- 5.6.0-1 (new) e1000 ---------- 7.0.33-k2 emulex --------- 7.3.6 forcedeth ------ 0.30 ipmi ----------- 35.13 qlogic --------- 7.07.04b6 tg3 ------------ 3.52RH The following security bugs were fixed in this update : - a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate) - a flaw in the exec() handling of multi-threaded tasks using ptrace() that allowed a local user to cause a denial of service (hang of a user process) (CVE-2005-3107, low) - a difference in last seen 2020-06-01 modified 2020-06-02 plugin id 22135 published 2006-08-04 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22135 title CentOS 3 : kernel (CESA-2006:0437) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0575.NASL description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the fourth regular update to Red Hat Enterprise Linux 4. New features introduced in this update include : * Device Mapper mirroring support * IDE diskdump support * x86, AMD64 and Intel EM64T: Multi-core scheduler support enhancements * Itanium: perfmon support for Montecito * much improved support for IBM x460 * AMD PowerNow! patches to support Opteron Rev G * Vmalloc support > 64MB The following device drivers have been upgraded to new versions : ipmi: 33.11 to 33.13 ib_mthca: 0.06 to 0.08 bnx2: 1.4.30 to 1.4.38 bonding: 2.6.1 to 2.6.3 e100: 3.4.8-k2-NAPI to 3.5.10-k2-NAPI e1000: 6.1.16-k3-NAPI to 7.0.33-k2-NAPI sky2: 0.13 to 1.1 tg3: 3.43-rh to 3.52-rh ipw2100: 1.1.0 to git-1.1.4 ipw2200: 1.0.0 to git-1.0.10 3w-9xxx: 2.26.02.001 to 2.26.04.010 ips: 7.10.18 to 7.12.02 iscsi_sfnet: 4:0.1.11-2 to 4:0.1.11-3 lpfc: 0:8.0.16.18 to 0:8.0.16.27 megaraid_sas: 00.00.02.00 to 00.00.02.03-RH1 qla2xxx: 8.01.02-d4 to 8.01.04-d7 qla6312: 8.01.02-d4 to 8.01.04-d7 sata_promise: 1.03 to 1.04 sata_vsc: 1.1 to 1.2 ibmvscsic: 1.5.5 to 1.5.6 ipr: 2.0.11.1 to 2.0.11.2 Added drivers : dcdbas: 5.6.0-2 sata_mv: 0.6 sata_qstor: 0.05 sata_uli: 0.5 skge: 1.1 stex: 2.9.0.13 pdc_adma: 0.03 This update includes fixes for the security issues : * a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate) * a flaw in the ACL handling of nfsd that allowed a remote user to bypass ACLs for readonly mounted NFS file systems (CVE-2005-3623, moderate) * a flaw in the netfilter handling that allowed a local user with CAP_NET_ADMIN rights to cause a buffer overflow (CVE-2006-0038, low) * a flaw in the IBM S/390 and IBM zSeries strnlen_user() function that allowed a local user to cause a denial of service (crash) or to retrieve random kernel data (CVE-2006-0456, important) * a flaw in the keyctl functions that allowed a local user to cause a denial of service (crash) or to read sensitive kernel memory (CVE-2006-0457, important) * a flaw in unaligned accesses handling on Itanium processors that allowed a local user to cause a denial of service (crash) (CVE-2006-0742, important) * a flaw in SELinux ptrace logic that allowed a local user with ptrace permissions to change the tracer SID to a SID of another process (CVE-2006-1052, moderate) * an info leak on AMD-based x86 and x86_64 systems that allowed a local user to retrieve the floating point exception state of a process run by a different user (CVE-2006-1056, important) * a flaw in IPv4 packet output handling that allowed a remote user to bypass the zero IP ID countermeasure on systems with a disabled firewall (CVE-2006-1242, low) * a minor info leak in socket option handling in the network code (CVE-2006-1343, low) * a flaw in the HB-ACK chunk handling of SCTP that allowed a remote user to cause a denial of service (crash) (CVE-2006-1857, moderate) * a flaw in the SCTP implementation that allowed a remote user to cause a denial of service (deadlock) (CVE-2006-2275, moderate) * a flaw in the socket buffer handling that allowed a remote user to cause a denial of service (panic) (CVE-2006-2446, important) * a flaw in the signal handling access checking on PowerPC that allowed a local user to cause a denial of service (crash) or read arbitrary kernel memory on 64-bit systems (CVE-2006-2448, important) * a flaw in the netfilter SCTP module when receiving a chunkless packet that allowed a remote user to cause a denial of service (crash) (CVE-2006-2934, important) There were several bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. last seen 2020-06-01 modified 2020-06-02 plugin id 22276 published 2006-08-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22276 title CentOS 4 : kernel (CESA-2006:0575) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1097.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0038 last seen 2020-06-01 modified 2020-06-02 plugin id 22639 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22639 title Debian DSA-1097-1 : kernel-source-2.4.27 - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0437.NASL description Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the eighth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the eighth regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include : - addition of the adp94xx and dcdbas device drivers - diskdump support on megaraid_sas, qlogic, and swap partitions - support for new hardware via driver and SCSI white-list updates There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3. There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include the networking subsystem, the NFS and autofs4 file systems, the SCSI and USB subsystems, and architecture-specific handling affecting AMD Opteron and Intel EM64T processors. The following device drivers have been added or upgraded to new versions : adp94xx -------- 1.0.8 (new) bnx2 ----------- 1.4.38 cciss ---------- 2.4.60.RH1 dcdbas --------- 5.6.0-1 (new) e1000 ---------- 7.0.33-k2 emulex --------- 7.3.6 forcedeth ------ 0.30 ipmi ----------- 35.13 qlogic --------- 7.07.04b6 tg3 ------------ 3.52RH The following security bugs were fixed in this update : - a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate) - a flaw in the exec() handling of multi-threaded tasks using ptrace() that allowed a local user to cause a denial of service (hang of a user process) (CVE-2005-3107, low) - a difference in last seen 2020-06-01 modified 2020-06-02 plugin id 22086 published 2006-07-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22086 title RHEL 3 : kernel (RHSA-2006:0437)
Oval
| accepted | 2013-04-29T04:23:59.785-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processers in a security-relevant fashion that was not addressed by the kernels. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9995 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processers in a security-relevant fashion that was not addressed by the kernels. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc
- http://kb.vmware.com/kb/2533126
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lwn.net/Alerts/180820/
- http://marc.info/?l=linux-kernel&m=114548768214478&w=2
- http://secunia.com/advisories/19715
- http://secunia.com/advisories/19724
- http://secunia.com/advisories/19735
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/20671
- http://secunia.com/advisories/20716
- http://secunia.com/advisories/20914
- http://secunia.com/advisories/21035
- http://secunia.com/advisories/21136
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/21983
- http://secunia.com/advisories/22417
- http://secunia.com/advisories/22875
- http://secunia.com/advisories/22876
- http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt
- http://securitytracker.com/id?1015966
- http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.debian.org/security/2006/dsa-1097
- http://www.debian.org/security/2006/dsa-1103
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.osvdb.org/24746
- http://www.osvdb.org/24807
- http://www.redhat.com/support/errata/RHSA-2006-0437.html
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://www.redhat.com/support/errata/RHSA-2006-0579.html
- http://www.securityfocus.com/archive/1/431341
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.securityfocus.com/archive/1/451419/100/200/threaded
- http://www.securityfocus.com/archive/1/451421/100/0/threaded
- http://www.securityfocus.com/bid/17600
- http://www.ubuntu.com/usn/usn-302-1
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.vmware.com/download/esx/esx-254-200610-patch.html
- http://www.vupen.com/english/advisories/2006/1426
- http://www.vupen.com/english/advisories/2006/1475
- http://www.vupen.com/english/advisories/2006/2554
- http://www.vupen.com/english/advisories/2006/4353
- http://www.vupen.com/english/advisories/2006/4502
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25871
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995