Vulnerabilities > CVE-2009-3612 - Information Exposure vulnerability in multiple products

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2009:1541 and 
# CentOS Errata and Security Advisory 2009:1541 respectively.
#

include("compat.inc");

if (description)
{
  script_id(67067);
  script_version("1.17");
  script_cvs_date("Date: 2019/10/25 13:36:05");

  script_cve_id("CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621");
  script_bugtraq_id(36901);
  script_xref(name:"RHSA", value:"2009:1541");

  script_name(english:"CentOS 4 : kernel (CESA-2009:1541)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix security issues are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(),
and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe
pointer could be released by other processes before it is used to
update the pipe's reader and writer counters. This could lead to a
local denial of service or privilege escalation. (CVE-2009-3547,
Important)

Users should upgrade to these updated packages, which contain a
backported patch to correct these issues. The system must be rebooted
for this update to take effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-November/016302.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e49d36a5"
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-November/016303.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?15a99734"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(16, 20, 119, 200, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-devel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-devel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-doc-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-doc-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-89.0.16.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-89.0.16.EL")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1522 and 
# Oracle Linux Security Advisory ELSA-2009-1522 respectively.
#

include("compat.inc");

if (description)
{
  script_id(67945);
  script_version("1.13");
  script_cvs_date("Date: 2019/10/25 13:36:08");

  script_cve_id("CVE-2005-4881", "CVE-2009-3228", "CVE-2009-3612");
  script_bugtraq_id(36304);
  script_xref(name:"RHSA", value:"2009:1522");

  script_name(english:"Oracle Linux 4 : kernel (ELSA-2009-1522)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2009:1522 :

Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* multiple, missing initialization flaws were found in the Linux
kernel. Padding data in several core network structures was not
initialized properly before being sent to user-space. These flaws
could lead to information leaks. (CVE-2005-4881, CVE-2009-3228,
Moderate)

This update also fixes the following bugs :

* a packet duplication issue was fixed via the RHSA-2008:0665 update;
however, the fix introduced a problem for systems using network
bonding: Backup slaves were unable to receive ARP packets. When using
network bonding in the 'active-backup' mode and with the
'arp_validate=3' option, the bonding driver considered such backup
slaves as being down (since they were not receiving ARP packets),
preventing successful failover to these devices. (BZ#519384)

* due to insufficient memory barriers in the network code, a process
sleeping in select() may have missed notifications about new data. In
rare cases, this bug may have caused a process to sleep forever.
(BZ#519386)

* the driver version number in the ata_piix driver was not changed
between Red Hat Enterprise Linux 4.7 and Red Hat Enterprise Linux 4.8,
even though changes had been made between these releases. This could
have prevented the driver from loading on systems that check driver
versions, as this driver appeared older than it was. (BZ#519389)

* a bug in nlm_lookup_host() could have led to un-reclaimed locks on
file systems, resulting in the umount command failing. This bug could
have also prevented NFS services from being relocated correctly in
clustered environments. (BZ#519656)

* the data buffer ethtool_get_strings() allocated, for the igb driver,
was smaller than the amount of data that was copied in
igb_get_strings(), because of a miscalculation in IGB_QUEUE_STATS_LEN,
resulting in memory corruption. This bug could have led to a kernel
panic. (BZ#522738)

* in some situations, write operations to a TTY device were blocked
even when the O_NONBLOCK flag was used. A reported case of this issue
occurred when a single TTY device was opened by two users (one using
blocking mode, and the other using non-blocking mode). (BZ#523930)

* a deadlock was found in the cciss driver. In rare cases, this caused
an NMI lockup during boot. Messages such as 'cciss: controller
cciss[x] failed, stopping.' and 'cciss[x]: controller not responding.'
may have been displayed on the console. (BZ#525725)

* on 64-bit PowerPC systems, a rollover bug in the ibmveth driver
could have caused a kernel panic. In a reported case, this panic
occurred on a system with a large uptime and under heavy network load.
(BZ#527225)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2009-October/001211.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2005-4881", "CVE-2009-3228", "CVE-2009-3612");  
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2009-1522");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "2.6";
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);

flag = 0;
if (rpm_exists(release:"EL4", rpm:"kernel-2.6.9") && rpm_check(release:"EL4", reference:"kernel-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-devel-2.6.9") && rpm_check(release:"EL4", reference:"kernel-devel-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-doc-2.6.9") && rpm_check(release:"EL4", reference:"kernel-doc-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"ia64", reference:"kernel-largesmp-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"ia64", reference:"kernel-largesmp-devel-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-89.0.15.0.1.EL")) flag++;
if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-89.0.15.0.1.EL")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2009:329. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(48161);
  script_version("1.30");
  script_cvs_date("Date: 2019/08/02 13:32:52");

  script_cve_id("CVE-2009-1298", "CVE-2009-2903", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3621", "CVE-2009-3638", "CVE-2009-3726", "CVE-2009-4131");
  script_bugtraq_id(36379, 36723, 36803, 36827, 36901, 36936);
  script_xref(name:"MDVSA", value:"2009:329");

  script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2009:329)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption) via
IP-DDP datagrams. (CVE-2009-2903)

Multiple race conditions in fs/pipe.c in the Linux kernel before
2.6.32-rc6 allow local users to cause a denial of service (NULL
pointer dereference and system crash) or gain privileges by attempting
to open an anonymous pipe via a /proc/*/fd/ pathname. (CVE-2009-3547)

The tcf_fill_node function in net/sched/cls_api.c in the netlink
subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6
and earlier, does not initialize a certain tcm__pad2 structure member,
which might allow local users to obtain sensitive information from
kernel memory via unspecified vectors. NOTE: this issue exists because
of an incomplete fix for CVE-2005-4881. (CVE-2009-3612)

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows
local users to cause a denial of service (system hang) by creating an
abstract-namespace AF_UNIX listening socket, performing a shutdown
operation on this socket, and then performing a series of connect
operations to this socket. (CVE-2009-3621)

Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in
arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before
2.6.31.4 allows local users to have an unspecified impact via a
KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.
(CVE-2009-3638)

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client
in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to
cause a denial of service (NULL pointer dereference and panic) by
sending a certain response containing incorrect file attributes, which
trigger attempted use of an open file that lacks NFSv4 state.
(CVE-2009-3726)

The ip_frag_reasm function in ipv4/ip_fragment.c in Linux kernel
2.6.32-rc8, and possibly earlier versions, calls IP_INC_STATS_BH with
an incorrect argument, which allows remote attackers to cause a denial
of service (NULL pointer dereference and hang) via long IP packets,
possibly related to the ip_defrag function. (CVE-2009-1298)

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119, 189, 200, 264, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:em8300-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.29.6-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.31.6-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-2.6.29.6-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-2.6.31.6-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.29.6-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.31.6-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.29.6-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.31.6-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.29.6-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.31.6-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-2.6.29.6-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-2.6.31.6-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.29.6-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.31.6-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.29.6-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.31.6-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libafs-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lirc-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lzma-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vboxadditions-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-desktop-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-desktop586-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-server-3mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.6-desktop-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.6-desktop586-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.6-server-1mnb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2009.1", reference:"broadcom-wl-kernel-2.6.29.6-desktop-3mnb-5.10.79.10-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"broadcom-wl-kernel-2.6.29.6-desktop586-3mnb-5.10.79.10-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"broadcom-wl-kernel-2.6.29.6-server-3mnb-5.10.79.10-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"broadcom-wl-kernel-desktop-latest-5.10.79.10-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"broadcom-wl-kernel-desktop586-latest-5.10.79.10-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"broadcom-wl-kernel-server-latest-5.10.79.10-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"em8300-kernel-2.6.29.6-desktop-3mnb-0.17.2-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"em8300-kernel-2.6.29.6-desktop586-3mnb-0.17.2-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"em8300-kernel-2.6.29.6-server-3mnb-0.17.2-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"em8300-kernel-desktop-latest-0.17.2-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"em8300-kernel-desktop586-latest-0.17.2-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"em8300-kernel-server-latest-0.17.2-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"fcpci-kernel-2.6.29.6-desktop-3mnb-3.11.07-7mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"fcpci-kernel-2.6.29.6-desktop586-3mnb-3.11.07-7mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"fcpci-kernel-2.6.29.6-server-3mnb-3.11.07-7mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"fcpci-kernel-desktop-latest-3.11.07-1.20091209.7mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"fcpci-kernel-desktop586-latest-3.11.07-1.20091209.7mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"fcpci-kernel-server-latest-3.11.07-1.20091209.7mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"hcfpcimodem-kernel-2.6.29.6-desktop-3mnb-1.18-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"hcfpcimodem-kernel-2.6.29.6-desktop586-3mnb-1.18-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"hcfpcimodem-kernel-2.6.29.6-server-3mnb-1.18-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"hcfpcimodem-kernel-desktop-latest-1.18-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"hcfpcimodem-kernel-desktop586-latest-1.18-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"hcfpcimodem-kernel-server-latest-1.18-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"hsfmodem-kernel-2.6.29.6-desktop-3mnb-7.80.02.03-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"hsfmodem-kernel-2.6.29.6-desktop586-3mnb-7.80.02.03-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"hsfmodem-kernel-2.6.29.6-server-3mnb-7.80.02.03-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"hsfmodem-kernel-desktop-latest-7.80.02.03-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"hsfmodem-kernel-desktop586-latest-7.80.02.03-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"hsfmodem-kernel-server-latest-7.80.02.03-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-2.6.29.6-3mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-desktop-2.6.29.6-3mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-desktop-devel-2.6.29.6-3mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-desktop-devel-latest-2.6.29.6-3mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-desktop-latest-2.6.29.6-3mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"kernel-desktop586-2.6.29.6-3mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"kernel-desktop586-devel-2.6.29.6-3mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"kernel-desktop586-devel-latest-2.6.29.6-3mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"kernel-desktop586-latest-2.6.29.6-3mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-doc-2.6.29.6-3mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-server-2.6.29.6-3mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-server-devel-2.6.29.6-3mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-server-devel-latest-2.6.29.6-3mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-server-latest-2.6.29.6-3mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-source-2.6.29.6-3mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"kernel-source-latest-2.6.29.6-3mnb2")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"libafs-kernel-2.6.29.6-desktop-3mnb-1.4.10-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libafs-kernel-2.6.29.6-desktop586-3mnb-1.4.10-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"libafs-kernel-2.6.29.6-server-3mnb-1.4.10-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"libafs-kernel-desktop-latest-1.4.10-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libafs-kernel-desktop586-latest-1.4.10-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"libafs-kernel-server-latest-1.4.10-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"lirc-kernel-2.6.29.6-desktop-3mnb-0.8.5-0.20090320.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"lirc-kernel-2.6.29.6-desktop586-3mnb-0.8.5-0.20090320.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"lirc-kernel-2.6.29.6-server-3mnb-0.8.5-0.20090320.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"lirc-kernel-desktop-latest-0.8.5-1.20091209.0.20090320.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"lirc-kernel-desktop586-latest-0.8.5-1.20091209.0.20090320.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"lirc-kernel-server-latest-0.8.5-1.20091209.0.20090320.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"lzma-kernel-2.6.29.6-desktop-3mnb-4.43-27.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"lzma-kernel-2.6.29.6-desktop586-3mnb-4.43-27.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"lzma-kernel-2.6.29.6-server-3mnb-4.43-27.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"lzma-kernel-desktop-latest-4.43-1.20091209.27.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"lzma-kernel-desktop586-latest-4.43-1.20091209.27.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"lzma-kernel-server-latest-4.43-1.20091209.27.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"madwifi-kernel-2.6.29.6-desktop-3mnb-0.9.4-4.r3998mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"madwifi-kernel-2.6.29.6-desktop586-3mnb-0.9.4-4.r3998mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"madwifi-kernel-2.6.29.6-server-3mnb-0.9.4-4.r3998mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"madwifi-kernel-desktop-latest-0.9.4-1.20091209.4.r3998mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"madwifi-kernel-desktop586-latest-0.9.4-1.20091209.4.r3998mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"madwifi-kernel-server-latest-0.9.4-1.20091209.4.r3998mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia-current-kernel-2.6.29.6-desktop-3mnb-180.51-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"nvidia-current-kernel-2.6.29.6-desktop586-3mnb-180.51-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia-current-kernel-2.6.29.6-server-3mnb-180.51-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia-current-kernel-desktop-latest-180.51-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"nvidia-current-kernel-desktop586-latest-180.51-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia-current-kernel-server-latest-180.51-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia173-kernel-2.6.29.6-desktop-3mnb-173.14.18-2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"nvidia173-kernel-2.6.29.6-desktop586-3mnb-173.14.18-2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia173-kernel-2.6.29.6-server-3mnb-173.14.18-2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia173-kernel-desktop-latest-173.14.18-1.20091209.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"nvidia173-kernel-desktop586-latest-173.14.18-1.20091209.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia173-kernel-server-latest-173.14.18-1.20091209.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia96xx-kernel-2.6.29.6-desktop-3mnb-96.43.11-5mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"nvidia96xx-kernel-2.6.29.6-desktop586-3mnb-96.43.11-5mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia96xx-kernel-2.6.29.6-server-3mnb-96.43.11-5mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia96xx-kernel-desktop-latest-96.43.11-1.20091209.5mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"nvidia96xx-kernel-desktop586-latest-96.43.11-1.20091209.5mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"nvidia96xx-kernel-server-latest-96.43.11-1.20091209.5mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"slmodem-kernel-2.6.29.6-desktop-3mnb-2.9.11-0.20080817.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"slmodem-kernel-2.6.29.6-desktop586-3mnb-2.9.11-0.20080817.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"slmodem-kernel-2.6.29.6-server-3mnb-2.9.11-0.20080817.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"slmodem-kernel-desktop-latest-2.9.11-1.20091209.0.20080817.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"slmodem-kernel-desktop586-latest-2.9.11-1.20091209.0.20080817.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"slmodem-kernel-server-latest-2.9.11-1.20091209.0.20080817.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"vboxadditions-kernel-2.6.29.6-desktop-3mnb-2.2.0-4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"vboxadditions-kernel-2.6.29.6-desktop586-3mnb-2.2.0-4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"vboxadditions-kernel-2.6.29.6-server-3mnb-2.2.0-4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"vboxadditions-kernel-desktop-latest-2.2.0-1.20091209.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"vboxadditions-kernel-desktop586-latest-2.2.0-1.20091209.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"vboxadditions-kernel-server-latest-2.2.0-1.20091209.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"virtualbox-kernel-2.6.29.6-desktop-3mnb-2.2.0-4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"virtualbox-kernel-2.6.29.6-desktop586-3mnb-2.2.0-4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"virtualbox-kernel-2.6.29.6-server-3mnb-2.2.0-4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"virtualbox-kernel-desktop-latest-2.2.0-1.20091209.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"virtualbox-kernel-desktop586-latest-2.2.0-1.20091209.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"virtualbox-kernel-server-latest-2.2.0-1.20091209.4mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"vpnclient-kernel-2.6.29.6-desktop-3mnb-4.8.02.0030-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"vpnclient-kernel-2.6.29.6-desktop-3mnb-4.8.01.0640-3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"vpnclient-kernel-2.6.29.6-desktop586-3mnb-4.8.02.0030-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"vpnclient-kernel-2.6.29.6-server-3mnb-4.8.02.0030-1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"vpnclient-kernel-2.6.29.6-server-3mnb-4.8.01.0640-3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"vpnclient-kernel-desktop-latest-4.8.02.0030-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"vpnclient-kernel-desktop-latest-4.8.01.0640-1.20091209.3mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"vpnclient-kernel-desktop586-latest-4.8.02.0030-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"vpnclient-kernel-server-latest-4.8.02.0030-1.20091209.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"vpnclient-kernel-server-latest-4.8.01.0640-1.20091209.3mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.0", reference:"broadcom-wl-kernel-2.6.31.6-desktop-1mnb-5.10.91.9-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"broadcom-wl-kernel-2.6.31.6-desktop586-1mnb-5.10.91.9-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"broadcom-wl-kernel-2.6.31.6-server-1mnb-5.10.91.9-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"broadcom-wl-kernel-desktop-latest-5.10.91.9-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"broadcom-wl-kernel-desktop586-latest-5.10.91.9-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"broadcom-wl-kernel-server-latest-5.10.91.9-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"em8300-kernel-2.6.31.6-desktop-1mnb-0.17.4-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"em8300-kernel-2.6.31.6-desktop586-1mnb-0.17.4-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"em8300-kernel-2.6.31.6-server-1mnb-0.17.4-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"em8300-kernel-desktop-latest-0.17.4-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"em8300-kernel-desktop586-latest-0.17.4-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"em8300-kernel-server-latest-0.17.4-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"fglrx-kernel-2.6.31.6-desktop-1mnb-8.650-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"fglrx-kernel-2.6.31.6-desktop586-1mnb-8.650-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"fglrx-kernel-2.6.31.6-server-1mnb-8.650-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"fglrx-kernel-desktop-latest-8.650-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"fglrx-kernel-desktop586-latest-8.650-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"fglrx-kernel-server-latest-8.650-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"hcfpcimodem-kernel-2.6.31.6-desktop-1mnb-1.19-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"hcfpcimodem-kernel-2.6.31.6-desktop586-1mnb-1.19-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"hcfpcimodem-kernel-2.6.31.6-server-1mnb-1.19-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"hcfpcimodem-kernel-desktop-latest-1.19-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"hcfpcimodem-kernel-desktop586-latest-1.19-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"hcfpcimodem-kernel-server-latest-1.19-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"hsfmodem-kernel-2.6.31.6-desktop-1mnb-7.80.02.05-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"hsfmodem-kernel-2.6.31.6-desktop586-1mnb-7.80.02.05-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"hsfmodem-kernel-2.6.31.6-server-1mnb-7.80.02.05-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"hsfmodem-kernel-desktop-latest-7.80.02.05-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"hsfmodem-kernel-desktop586-latest-7.80.02.05-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"hsfmodem-kernel-server-latest-7.80.02.05-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-2.6.31.6-1mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-desktop-2.6.31.6-1mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-desktop-devel-2.6.31.6-1mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-desktop-devel-latest-2.6.31.6-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-desktop-latest-2.6.31.6-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"kernel-desktop586-2.6.31.6-1mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"kernel-desktop586-devel-2.6.31.6-1mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"kernel-desktop586-devel-latest-2.6.31.6-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"kernel-desktop586-latest-2.6.31.6-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-doc-2.6.31.6-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-server-2.6.31.6-1mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-server-devel-2.6.31.6-1mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-server-devel-latest-2.6.31.6-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-server-latest-2.6.31.6-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-source-2.6.31.6-1mnb-1-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"kernel-source-latest-2.6.31.6-1mnb2")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"libafs-kernel-2.6.31.6-desktop-1mnb-1.4.11-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libafs-kernel-2.6.31.6-desktop586-1mnb-1.4.11-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"libafs-kernel-2.6.31.6-server-1mnb-1.4.11-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"libafs-kernel-desktop-latest-1.4.11-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libafs-kernel-desktop586-latest-1.4.11-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"libafs-kernel-server-latest-1.4.11-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"lirc-kernel-2.6.31.6-desktop-1mnb-0.8.6-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"lirc-kernel-2.6.31.6-desktop586-1mnb-0.8.6-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"lirc-kernel-2.6.31.6-server-1mnb-0.8.6-2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"lirc-kernel-desktop-latest-0.8.6-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"lirc-kernel-desktop586-latest-0.8.6-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"lirc-kernel-server-latest-0.8.6-1.20091209.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"lzma-kernel-2.6.31.6-desktop-1mnb-4.43-28mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"lzma-kernel-2.6.31.6-desktop586-1mnb-4.43-28mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"lzma-kernel-2.6.31.6-server-1mnb-4.43-28mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"lzma-kernel-desktop-latest-4.43-1.20091209.28mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"lzma-kernel-desktop586-latest-4.43-1.20091209.28mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"lzma-kernel-server-latest-4.43-1.20091209.28mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"madwifi-kernel-2.6.31.6-desktop-1mnb-0.9.4-4.r4068mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"madwifi-kernel-2.6.31.6-desktop586-1mnb-0.9.4-4.r4068mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"madwifi-kernel-2.6.31.6-server-1mnb-0.9.4-4.r4068mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"madwifi-kernel-desktop-latest-0.9.4-1.20091209.4.r4068mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"madwifi-kernel-desktop586-latest-0.9.4-1.20091209.4.r4068mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"madwifi-kernel-server-latest-0.9.4-1.20091209.4.r4068mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia-current-kernel-2.6.31.6-desktop-1mnb-185.18.36-4mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"nvidia-current-kernel-2.6.31.6-desktop586-1mnb-185.18.36-4mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia-current-kernel-2.6.31.6-server-1mnb-185.18.36-4mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia-current-kernel-desktop-latest-185.18.36-1.20091209.4mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"nvidia-current-kernel-desktop586-latest-185.18.36-1.20091209.4mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia-current-kernel-server-latest-185.18.36-1.20091209.4mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia173-kernel-2.6.31.6-desktop-1mnb-173.14.20-7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"nvidia173-kernel-2.6.31.6-desktop586-1mnb-173.14.20-7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia173-kernel-2.6.31.6-server-1mnb-173.14.20-7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia173-kernel-desktop-latest-173.14.20-1.20091209.7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"nvidia173-kernel-desktop586-latest-173.14.20-1.20091209.7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia173-kernel-server-latest-173.14.20-1.20091209.7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia96xx-kernel-2.6.31.6-desktop-1mnb-96.43.13-7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"nvidia96xx-kernel-2.6.31.6-desktop586-1mnb-96.43.13-7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia96xx-kernel-2.6.31.6-server-1mnb-96.43.13-7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia96xx-kernel-desktop-latest-96.43.13-1.20091209.7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"nvidia96xx-kernel-desktop586-latest-96.43.13-1.20091209.7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nvidia96xx-kernel-server-latest-96.43.13-1.20091209.7mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"slmodem-kernel-2.6.31.6-desktop-1mnb-2.9.11-0.20080817.4.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"slmodem-kernel-2.6.31.6-desktop586-1mnb-2.9.11-0.20080817.4.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"slmodem-kernel-2.6.31.6-server-1mnb-2.9.11-0.20080817.4.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"slmodem-kernel-desktop-latest-2.9.11-1.20091209.0.20080817.4.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"slmodem-kernel-desktop586-latest-2.9.11-1.20091209.0.20080817.4.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"slmodem-kernel-server-latest-2.9.11-1.20091209.0.20080817.4.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"squashfs-lzma-kernel-2.6.31.6-desktop-1mnb-3.3-11mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"squashfs-lzma-kernel-2.6.31.6-desktop586-1mnb-3.3-11mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"squashfs-lzma-kernel-2.6.31.6-server-1mnb-3.3-11mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"squashfs-lzma-kernel-desktop-latest-3.3-1.20091209.11mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"squashfs-lzma-kernel-desktop586-latest-3.3-1.20091209.11mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"squashfs-lzma-kernel-server-latest-3.3-1.20091209.11mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"vboxadditions-kernel-2.6.31.6-desktop-1mnb-3.0.8-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"vboxadditions-kernel-2.6.31.6-desktop586-1mnb-3.0.8-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"vboxadditions-kernel-2.6.31.6-server-1mnb-3.0.8-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"vboxadditions-kernel-desktop-latest-3.0.8-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"vboxadditions-kernel-desktop586-latest-3.0.8-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"vboxadditions-kernel-server-latest-3.0.8-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"virtualbox-kernel-2.6.31.6-desktop-1mnb-3.0.8-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"virtualbox-kernel-2.6.31.6-desktop586-1mnb-3.0.8-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"virtualbox-kernel-2.6.31.6-server-1mnb-3.0.8-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"virtualbox-kernel-desktop-latest-3.0.8-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"virtualbox-kernel-desktop586-latest-3.0.8-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"virtualbox-kernel-server-latest-3.0.8-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"vpnclient-kernel-2.6.31.6-desktop-1mnb-4.8.02.0030-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"vpnclient-kernel-2.6.31.6-desktop586-1mnb-4.8.02.0030-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"vpnclient-kernel-2.6.31.6-server-1mnb-4.8.02.0030-1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"vpnclient-kernel-desktop-latest-4.8.02.0030-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"vpnclient-kernel-desktop586-latest-4.8.02.0030-1.20091209.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"vpnclient-kernel-server-latest-4.8.02.0030-1.20091209.1mdv2010.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update kernel-1908.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(44621);
  script_version("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:37");

  script_cve_id("CVE-2009-1633", "CVE-2009-2848", "CVE-2009-2903", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3238", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-3939", "CVE-2009-4021", "CVE-2009-4138", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4538", "CVE-2010-0003", "CVE-2010-0007");

  script_name(english:"openSUSE Security Update : kernel (kernel-1908)");
  script_summary(english:"Check for the kernel-1908 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This kernel update for openSUSE 11.0 fixes some bugs and several
security problems.

The following security issues are fixed: CVE-2009-4536:
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel
handles Ethernet frames that exceed the MTU by processing certain
trailing payload data as if it were a complete frame, which allows
remote attackers to bypass packet filters via a large packet with a
crafted payload.

CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e driver in the
Linux kernel does not properly check the size of an Ethernet frame
that exceeds the MTU, which allows remote attackers to have an
unspecified impact via crafted packets.

CVE-2010-0007: Missing CAP_NET_ADMIN checks in the ebtables netfilter
code might have allowed local attackers to modify bridge firewall
settings.

CVE-2010-0003: An information leakage on fatal signals on x86_64
machines was fixed.

CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, when
packet-per-buffer mode is used, allows local users to cause a denial
of service (NULL pointer dereference and system crash) or possibly
have unknown other impact via an unspecified ioctl associated with
receiving an ISO packet that contains zero in the payload-length
field.

CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in
the ext4 filesystem in the Linux kernel before 2.6.32 allows
user-assisted remote attackers to cause a denial of service (NULL
pointer dereference), and possibly have unspecified other impact, via
a crafted read-only filesystem that lacks a journal.

CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in
the Linux kernel 2.6.31.6 and earlier has world-writable permissions,
which allows local users to change the I/O mode of the driver by
modifying this file.

CVE-2009-4021: The fuse_direct_io function in fs/fuse/file.c in the
fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow
attackers to cause a denial of service (invalid pointer dereference
and OOPS) via vectors possibly related to a memory-consumption attack.

CVE-2009-3547: A race condition in the pipe(2) systemcall could be
used by local attackers to hang the machine. The kernel in Moblin 2.0
uses NULL ptr protection which avoids code execution possbilities.

CVE-2009-2903: Memory leak in the appletalk subsystem in the Linux
kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the
appletalk and ipddp modules are loaded but the ipddp'N' device is not
found, allows remote attackers to cause a denial of service (memory
consumption) via IP-DDP datagrams.

CVE-2009-3621: net/unix/af_unix.c in the Linux kernel 2.6.31.4 and
earlier allows local users to cause a denial of service (system hang)
by creating an abstract-namespace AF_UNIX listening socket, performing
a shutdown operation on this socket, and then performing a series of
connect operations to this socket.

CVE-2009-3612: The tcf_fill_node function in net/sched/cls_api.c in
the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and
2.4.37.6 and earlier, does not initialize a certain tcm__pad2
structure member, which might allow local users to obtain sensitive
information from kernel memory via unspecified vectors.

CVE-2009-3620: The ATI Rage 128 (aka r128) driver in the Linux kernel
before 2.6.31-git11 does not properly verify Concurrent Command Engine
(CCE) state initialization, which allows local users to cause a denial
of service (NULL pointer dereference and system crash) or possibly
gain privileges via unspecified ioctl calls.

CVE-2009-3726: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the
NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS
servers to cause a denial of service (NULL pointer dereference and
panic) by sending a certain response containing incorrect file
attributes, which trigger attempted use of an open file that lacks
NFSv4 state.

CVE-2009-3286: NFSv4 in the Linux kernel 2.6.18, and possibly other
versions, does not properly clean up an inode when an O_EXCL create
fails, which causes files to be created with insecure settings such as
setuid bits, and possibly allows local users to gain privileges,
related to the execution of the do_open_permission function even when
a create fails.

CVE-2009-2910: arch/x86/ia32/ia32entry.S in the Linux kernel before
2.6.31.4 on the x86_64 platform does not clear certain kernel
registers before a return to user mode, which allows local users to
read register values from an earlier process by switching an ia32
process to 64-bit mode.

CVE-2009-3238: The get_random_int function in drivers/char/random.c in
the Linux kernel before 2.6.30 produces insufficiently random numbers,
which allows attackers to predict the return value, and possibly
defeat protection mechanisms based on randomization, via vectors that
leverage the function's tendency to 'return the same value over and
over again for long stretches of time.'

CVE-2009-2848: The execve function in the Linux kernel, possibly
2.6.30-rc6 and earlier, does not properly clear the
current->clear_child_tid pointer, which allows local users to cause a
denial of service (memory corruption) or possibly gain privileges via
a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID
enabled, which is not properly handled during thread creation and
exit.

CVE-2009-3002: The Linux kernel before 2.6.31-rc7 does not initialize
certain data structures within getname functions, which allows local
users to read the contents of some kernel memory locations by calling
getsockname on (1) an AF_APPLETALK socket, related to the
atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket,
related to the irda_getname function in net/irda/af_irda.c; (3) an
AF_ECONET socket, related to the econet_getname function in
net/econet/af_econet.c; (4) an AF_NETROM socket, related to the
nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket,
related to the rose_getname function in net/rose/af_rose.c; or (6) a
raw CAN socket, related to the raw_getname function in net/can/raw.c.

CVE-2009-1633: Multiple buffer overflows in the cifs subsystem in the
Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a
denial of service (memory corruption) and possibly have unspecified
other impact via (1) a malformed Unicode string, related to Unicode
string area alignment in fs/cifs/sess.c; or (2) long Unicode
characters, related to fs/cifs/cifssmb.c and the cifs_readdir function
in fs/cifs/readdir.c."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=421732"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=441062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=492282"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=526368"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=527865"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=534372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=536467"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=539878"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=541648"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=541658"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=543740"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=547131"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=548070"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=548071"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=550001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=552775"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=556864"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=557180"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=564382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=564712"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=567376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=569902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=570606"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 119, 189, 200, 264, 310, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:acerhk-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:acx-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:appleir-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:at76_usb-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:atl2-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:aufs-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dazuko-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gspcav-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ivtv-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kqemu-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nouveau-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:omnibook-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcc-acpi-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tpctl-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:uvcvideo-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vmware-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wlan-ng-kmp-debug");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"acerhk-kmp-debug-0.5.35_2.6.25.20_0.6-98.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"acx-kmp-debug-20080210_2.6.25.20_0.6-4.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"appleir-kmp-debug-1.1_2.6.25.20_0.6-108.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"at76_usb-kmp-debug-0.17_2.6.25.20_0.6-2.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"atl2-kmp-debug-2.0.4_2.6.25.20_0.6-4.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"aufs-kmp-debug-cvs20080429_2.6.25.20_0.6-13.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"dazuko-kmp-debug-2.3.4.4_2.6.25.20_0.6-42.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"drbd-kmp-debug-8.2.6_2.6.25.20_0.6-0.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"gspcav-kmp-debug-01.00.20_2.6.25.20_0.6-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"iscsitarget-kmp-debug-0.4.15_2.6.25.20_0.6-63.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"ivtv-kmp-debug-1.0.3_2.6.25.20_0.6-66.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-debug-2.6.25.20-0.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-default-2.6.25.20-0.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-pae-2.6.25.20-0.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-source-2.6.25.20-0.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-syms-2.6.25.20-0.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-vanilla-2.6.25.20-0.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-xen-2.6.25.20-0.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kqemu-kmp-debug-1.3.0pre11_2.6.25.20_0.6-7.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"nouveau-kmp-debug-0.10.1.20081112_2.6.25.20_0.6-0.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"omnibook-kmp-debug-20080313_2.6.25.20_0.6-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"pcc-acpi-kmp-debug-0.9_2.6.25.20_0.6-4.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"pcfclock-kmp-debug-0.44_2.6.25.20_0.6-207.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"tpctl-kmp-debug-4.17_2.6.25.20_0.6-189.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"uvcvideo-kmp-debug-r200_2.6.25.20_0.6-2.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"virtualbox-ose-kmp-debug-1.5.6_2.6.25.20_0.6-33.5") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"vmware-kmp-debug-2008.04.14_2.6.25.20_0.6-21.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"wlan-ng-kmp-debug-0.2.8_2.6.25.20_0.6-107.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acerhk-kmp-debug / acx-kmp-debug / appleir-kmp-debug / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from VMware Security Advisory 2010-0004. 
# The text itself is copyright (C) VMware Inc.
#

include("compat.inc");

if (description)
{
  script_id(44993);
  script_version("1.31");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id("CVE-2008-3916", "CVE-2008-4316", "CVE-2008-4552", "CVE-2009-0115", "CVE-2009-0590", "CVE-2009-1189", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1386", "CVE-2009-1387", "CVE-2009-2695", "CVE-2009-2849", "CVE-2009-2904", "CVE-2009-2905", "CVE-2009-2908", "CVE-2009-3228", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3560", "CVE-2009-3563", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3720", "CVE-2009-3726", "CVE-2009-4022");
  script_bugtraq_id(30815, 31602, 31823, 34100, 34256, 35001, 35138, 35174, 36304, 36515, 36552, 36639, 36706, 36723, 36824, 36827, 36901, 36936, 37118, 37203, 37255);
  script_xref(name:"VMSA", value:"2010-0004");

  script_name(english:"VMSA-2010-0004 : ESX Service Console and vMA third-party updates");
  script_summary(english:"Checks esxupdate output for the patches");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote VMware ESX host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1

   Newt is a programming library for color text mode, widget based
   user interfaces. Newt can be used to add stacked windows, entry
   widgets, checkboxes, radio buttons, labels, plain text fields,
   scrollbars, etc., to text mode user interfaces.

   A heap-based buffer overflow flaw was found in the way newt
   processes content that is to be displayed in a text dialog box.
   A local attacker could issue a specially crafted text dialog box
   display request (direct or via a custom application), leading to a
   denial of service (application crash) or, potentially, arbitrary
   code execution with the privileges of the user running the
   application using the newt library.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-2905 to this issue.

b. vMA and Service Console update for vMA package nfs-utils to
   1.0.9-42.el5

   The nfs-utils package provides a daemon for the kernel NFS server
   and related tools.

   It was discovered that nfs-utils did not use tcp_wrappers
   correctly.  Certain hosts access rules defined in '/etc/hosts.allow'
   and '/etc/hosts.deny' may not have been honored, possibly allowing
   remote attackers to bypass intended access restrictions.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2008-4552 to this issue.

c. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1

   GLib is the low-level core library that forms the basis for
   projects such as GTK+ and GNOME. It provides data structure
   handling for C, portability wrappers, and interfaces for such
   runtime functionality as an event loop, threads, dynamic loading,
   and an object system.

   Multiple integer overflows in glib/gbase64.c in GLib before 2.20
   allow context-dependent attackers to execute arbitrary code via a
   long string that is converted either from or to a base64
   representation.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2008-4316 to this issue.

d. vMA and Service Console update for openssl to 0.9.8e-12.el5

   SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-
   strength cryptography world-wide.

   Multiple denial of service flaws were discovered in OpenSSL's DTLS
   implementation. A remote attacker could use these flaws to cause a
   DTLS server to use excessive amounts of memory, or crash on an
   invalid memory access or NULL pointer dereference.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the names CVE-2009-1377, CVE-2009-1378,
   CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues.

   An input validation flaw was found in the handling of the BMPString
   and UniversalString ASN1 string types in OpenSSL's
   ASN1_STRING_print_ex() function. An attacker could use this flaw to
   create a specially crafted X.509 certificate that could cause
   applications using the affected function to crash when printing
   certificate contents.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-0590 to this issue.

e. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1

   It was discovered that BIND was incorrectly caching responses
   without performing proper DNSSEC validation, when those responses
   were received during the resolution of a recursive client query
   that requested DNSSEC records but indicated that checking should be
   disabled. A remote attacker could use this flaw to bypass the DNSSEC
   validation check and perform a cache poisoning attack if the target
   BIND server was receiving such client queries.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-4022 to this issue.

f. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2.

   Two buffer over-read flaws were found in the way Expat handled
   malformed UTF-8 sequences when processing XML files. A specially-
   crafted XML file could cause applications using Expat to fail while
   parsing the file.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the names CVE-2009-3560 and CVE-2009-3720 to these
   issues.

g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2

   A Red Hat specific patch used in the openssh packages as shipped in
   Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain
   ownership requirements for directories used as arguments for the
   ChrootDirectory configuration options. A malicious user that also
   has or previously had non-chroot shell access to a system could
   possibly use this flaw to escalate their privileges and run
   commands as any system user.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-2904 to this issue.

h. vMA and Service Console package ntp updated to
   ntp-4.2.2p1-9.el5_4.1.i386.rpm

   A flaw was discovered in the way ntpd handled certain malformed NTP
   packets. ntpd logged information about all such packets and replied
   with an NTP packet that was treated as malformed when received by
   another ntpd. A remote attacker could use this flaw to create an NTP
   packet reply loop between two ntpd servers through a malformed packet
   with a spoofed source IP address and port, causing ntpd on those
   servers to use excessive amounts of CPU time and fill disk space with
   log messages.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-3563 to this issue.   

i. vMA update for package kernel to 2.6.18-164.9.1.el5

   Updated vMA package kernel addresses the security issues listed
   below.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2009-2849 to the security issue fixed in
   kernel 2.6.18-128.2.1

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,
   CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues
   fixed in kernel 2.6.18-128.6.1

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,
   CVE-2009-3726 to the security issues fixed in kernel
   2.6.18-128.9.1

j. vMA 4.0 updates for the packages kpartx, libvolume-id,
   device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed

   kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to
   095-14.20.el5 device-mapper-multipath package updated to
   0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus
   updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5,
   and ed package updated to 0.2-39.el5_2.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the names CVE-2008-3916, CVE-2009-1189 and
   CVE-2009-0115 to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2010/000104.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}


include("audit.inc");
include("vmware_esx_packages.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);


init_esx_check(date:"2010-03-03");
flag = 0;


if (esx_check(ver:"ESX 3.5.0", patch:"ESX350-201006407-SG")) flag++;
if (esx_check(ver:"ESX 3.5.0", patch:"ESX350-201008406-SG")) flag++;

if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201002404-SG",
    patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201002406-SG",
    patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201002407-SG",
    patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201005403-SG",
    patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201005404-SG",
    patch_updates : make_list("ESX400-201404402-SG", "ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2013-0039.
#

include("compat.inc");

if (description)
{
  script_id(79507);
  script_version("1.25");
  script_cvs_date("Date: 2020/02/13");

  script_cve_id("CVE-2006-6304", "CVE-2007-4567", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2908", "CVE-2009-3080", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4067", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4307", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0007", "CVE-2010-0415", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0727", "CVE-2010-1083", "CVE-2010-1084", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1173", "CVE-2010-1188", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2226", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2798", "CVE-2010-2942", "CVE-2010-2963", "CVE-2010-3067", "CVE-2010-3078", "CVE-2010-3086", "CVE-2010-3296", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3477", "CVE-2010-3858", "CVE-2010-3859", "CVE-2010-3876", "CVE-2010-3877", "CVE-2010-4073", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4083", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4242", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4258", "CVE-2010-4346", "CVE-2010-4649", "CVE-2010-4655", "CVE-2011-0521", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1083", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1162", "CVE-2011-1163", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-3637", "CVE-2011-3638", "CVE-2011-4077", "CVE-2011-4086", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4324", "CVE-2011-4330", "CVE-2011-4348", "CVE-2012-1583", "CVE-2012-2136");
  script_bugtraq_id(35281, 35647, 35850, 35851, 35930, 36038, 36472, 36639, 36723, 36824, 36827, 36901, 36936, 37068, 37069, 37339, 37519, 37521, 37523, 37762, 37806, 38144, 38165, 38185, 38479, 38898, 39016, 39042, 39044, 39101, 39569, 39715, 39719, 39794, 40356, 40920, 42124, 42242, 42249, 42505, 42529, 43022, 43221, 43353, 43480, 43787, 43809, 44242, 44301, 44354, 44630, 44648, 44754, 44758, 45014, 45028, 45037, 45058, 45063, 45073, 45159, 45323, 45972, 45986, 46073, 46488, 46492, 46567, 46616, 46630, 46766, 46793, 46866, 46878, 47003, 47308, 47321, 47343, 47381, 47534, 47535, 47791, 47796, 47843, 48236, 48333, 48383, 48641, 48687, 49108, 49141, 49295, 49373, 50322, 50370, 50750, 50755, 50764, 50798, 51176, 51361, 51363, 51945, 53139, 53721);

  script_name(english:"OracleVM 2.2 : kernel (OVMSA-2013-0039)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates : please see Oracle VM Security Advisory
OVMSA-2013-0039 for details."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-May/000153.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);

flag = 0;
if (rpm_check(release:"OVS2.2", reference:"kernel-2.6.18-128.2.1.5.10.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"kernel-PAE-2.6.18-128.2.1.5.10.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"kernel-PAE-devel-2.6.18-128.2.1.5.10.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"kernel-devel-2.6.18-128.2.1.5.10.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"kernel-ovs-2.6.18-128.2.1.5.10.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"kernel-ovs-devel-2.6.18-128.2.1.5.10.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / kernel-ovs / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-11032.
#

include("compat.inc");

if (description)
{
  script_id(42400);
  script_version("1.22");
  script_cvs_date("Date: 2019/08/02 13:32:29");

  script_cve_id("CVE-2009-3547", "CVE-2009-3621", "CVE-2009-3624", "CVE-2009-3638");
  script_bugtraq_id(36723, 36793, 36803, 36901);
  script_xref(name:"FEDORA", value:"2009-11032");

  script_name(english:"Fedora 11 : kernel-2.6.30.9-96.fc11 (2009-11032)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Tue Nov 3 2009 Kyle McMartin <kyle at redhat.com>
    2.6.30.9-96

    - fs/pipe.c: fix NULL pointer dereference
      (CVE-2009-3547)

    - Sun Oct 25 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-95

    - Disable the stack protector on functions that don't
      have onstack arrays.

    - Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-94

    - Fix overflow in KVM cpuid code. (CVE-2009-3638)

    - Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-93

    - Fix exploitable oops in keyring code (CVE-2009-3624)

    - Wed Oct 21 2009 Kyle McMartin <kyle at redhat.com>

    - shut-up-LOCK_TEST_WITH_RETURN.patch: sort out
      #445331... or paper bag over it for now until the lock
      warnings can be killed.

  - Mon Oct 19 2009 Kyle McMartin <kyle at redhat.com>

    -
      af_unix-fix-deadlock-connecting-to-shutdown-socket.pat
      ch: fix for rhbz#529626 local DoS. (CVE-2009-3621)

  - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com>
    2.6.30.9-90

    - Fix null deref in r128 (F10#487546) (CVE-2009-3620)

    - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-89

    - Keyboard and mouse fixes from 2.6.32 (#522126)

    - Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-88

    - Scheduler wakeup patch, fixes high latency on wakeup
      (sched-update-the-clock-of-runqueue-select-task-rq-sel
      ected.patch)

  - Fri Oct 16 2009 Chuck Ebbert <cebbert at redhat.com>
    2.6.30.9-87

    - Fix uninitialized data leak in netlink (CVE-2009-3612)

    - Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-86

    - AX.25 security fix (CVE-2009-2909)

    - Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-85

    - Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it
      causes failure to boot from USB disks using Cypress
      bridges (#524998)

  - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com>
    2.6.30.9-84

    - Copy libata drive detection fix from 2.6.31.4
      (#524756)

    - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-83

    - Networking fixes taken from 2.6.31-stable

    - Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-82

    - Fix boot hang with ACPI on some systems.

    - Mon Oct 12 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-81

    - Critical ftrace fixes:
      ftrace-use-module-notifier-for-function-tracer.patch
      ftrace-check-for-failure-for-all-conversions.patch
      tracing-correct-module-boundaries-for-ftrace_release.p
      atch

  - Thu Oct 8 2009 Ben Skeggs <bskeggs at redhat.com>
    2.6.30.9-80

    - ppc: compile nvidiafb as a module only,
      nvidiafb+nouveau = bang! (rh#491308)

    - Wed Oct 7 2009 Dave Jones <davej at redhat.com>
      2.6.30.9-78

    - Disable IRQSOFF tracer. (Adds unnecessary overhead
      when unused)

    - Wed Oct 7 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-77

    - eCryptfs fixes taken from 2.6.31.2 (fixes
      CVE-2009-2908)

    - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-76

    - fix race in forcedeth network driver (#526546)

    - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-75

    - x86: Don't leak 64-bit reg contents to 32-bit tasks.

    - Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com>
      2.6.30.9-74

[plus 194 lines in the Changelog]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=529626"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=530283"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=530490"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=530515"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030674.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2c4aae2b"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(189, 310, 362);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"kernel-2.6.30.9-96.fc11")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2009:1670 and 
# CentOS Errata and Security Advisory 2009:1670 respectively.
#

include("compat.inc");

if (description)
{
  script_id(43812);
  script_version("1.17");
  script_cvs_date("Date: 2019/10/25 13:36:05");

  script_cve_id("CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726");
  script_bugtraq_id(36723, 36824, 36827, 36936);
  script_xref(name:"RHSA", value:"2009:1670");

  script_name(english:"CentOS 5 : kernel (CESA-2009:1670)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes :

* NULL pointer dereference flaws in the r128 driver. Checks to test if
the Concurrent Command Engine state was initialized were missing in
private IOCTL functions. An attacker could use these flaws to cause a
local denial of service or escalate their privileges. (CVE-2009-3620,
Important)

* a NULL pointer dereference flaw in the NFSv4 implementation. Several
NFSv4 file locking functions failed to check whether a file had been
opened on the server before performing locking operations on it. A
local user on a system with an NFSv4 share mounted could possibly use
this flaw to cause a denial of service or escalate their privileges.
(CVE-2009-3726, Important)

* a flaw in tcf_fill_node(). A certain data structure in this function
was not initialized properly before being copied to user-space. This
could lead to an information leak. (CVE-2009-3612, Moderate)

* unix_stream_connect() did not check if a UNIX domain socket was in
the shutdown state. This could lead to a deadlock. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2009-3621, Moderate)

Knowledgebase DOC-20536 has steps to mitigate NULL pointer dereference
flaws.

Bug fixes :

* frequently changing a CPU between online and offline caused a kernel
panic on some systems. (BZ#545583)

* for the LSI Logic LSI53C1030 Ultra320 SCSI controller, read commands
sent could receive incorrect data, preventing correct data transfer.
(BZ#529308)

* pciehp could not detect PCI Express hot plug slots on some systems.
(BZ#530383)

* soft lockups: inotify race and contention on dcache_lock.
(BZ#533822, BZ#537019)

* priority ordered lists are now used for threads waiting for a given
mutex. (BZ#533858)

* a deadlock in DLM could cause GFS2 file systems to lock up.
(BZ#533859)

* use-after-free bug in the audit subsystem crashed certain systems
when running usermod. (BZ#533861)

* on certain hardware configurations, a kernel panic when the Broadcom
iSCSI offload driver (bnx2i.ko and cnic.ko) was loaded. (BZ#537014)

* qla2xxx: Enabled MSI-X, and correctly handle the module parameter to
control it. This improves performance for certain systems. (BZ#537020)

* system crash when reading the cpuaffinity file on a system.
(BZ#537346)

* suspend-resume problems on systems with lots of logical CPUs, e.g.
BX-EX. (BZ#539674)

* off-by-one error in the legacy PCI bus check. (BZ#539675)

* TSC was not made available on systems with multi-clustered APICs.
This could cause slow performance for time-sensitive applications.
(BZ#539676)

* ACPI: ARB_DISABLE now disabled on platforms that do not need it.
(BZ#539677)

* fix node to core and power-aware scheduling issues, and a kernel
panic during boot on certain AMD Opteron processors. (BZ#539678,
BZ#540469, BZ#539680, BZ#539682)

* APIC timer interrupt issues on some AMD Opteron systems prevented
achieving full power savings. (BZ#539681)

* general OProfile support for some newer Intel processors.
(BZ#539683)

* system crash during boot when NUMA is enabled on systems using MC
and kernel-xen. (BZ#539684)

* on some larger systems, performance issues due to a spinlock.
(BZ#539685)

* APIC errors when IOMMU is enabled on some AMD Opteron systems.
(BZ#539687)

* on some AMD Opteron systems, repeatedly taking a CPU offline then
online caused a system hang. (BZ#539688)

* I/O page fault errors on some systems. (BZ#539689)

* certain memory configurations could cause the kernel-xen kernel to
fail to boot on some AMD Opteron systems. (BZ#539690)

* NMI watchdog is now disabled for offline CPUs. (BZ#539691)

* duplicate directories in /proc/acpi/processor/ on BX-EX systems.
(BZ#539692)

* links did not come up when using bnx2x with certain Broadcom
devices. (BZ#540381)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-December/016374.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a646dec9"
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-December/016375.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b39f64d1"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 200, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-164.9.1.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(89737);
  script_version("1.5");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id(
    "CVE-2008-3916",
    "CVE-2008-4316",
    "CVE-2008-4552",
    "CVE-2009-0115",
    "CVE-2009-0590",
    "CVE-2009-1189",
    "CVE-2009-1377",
    "CVE-2009-1378",
    "CVE-2009-1379",
    "CVE-2009-1386",
    "CVE-2009-1387",
    "CVE-2009-2695",
    "CVE-2009-2849",
    "CVE-2009-2904",
    "CVE-2009-2905",
    "CVE-2009-2908",
    "CVE-2009-3228",
    "CVE-2009-3286",
    "CVE-2009-3547",
    "CVE-2009-3560",
    "CVE-2009-3563",
    "CVE-2009-3612",
    "CVE-2009-3613",
    "CVE-2009-3620",
    "CVE-2009-3621",
    "CVE-2009-3720",
    "CVE-2009-3726",
    "CVE-2009-4022"
  );
  script_bugtraq_id(
    30815,
    31602,
    31823,
    34100,
    34256,
    35001,
    35138,
    35174,
    36304,
    36515,
    36552,
    36639,
    36706,
    36723,
    36824,
    36827,
    36901,
    36936,
    37118,
    37203,
    37255
  );
  script_xref(name:"VMSA", value:"2010-0004");

  script_name(english:"VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)");
  script_summary(english:"Checks the ESX / ESXi version and build number.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX host is missing a security-related patch. It is,
therefore, affected by multiple vulnerabilities, including remote code
execution vulnerabilities, in several third-party components and
libraries :

  - bind
  - expat
  - glib2
  - Kernel
  - newt
  - nfs-utils
  - NTP
  - OpenSSH
  - OpenSSL");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2010-0004");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2010/000104.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 3.5 / 4.0.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
esx = '';

if ("ESX" >!< rel)
  audit(AUDIT_OS_NOT, "VMware ESX/ESXi");

extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
else
{
  esx = extract[1];
  ver = extract[2];
}

# fixed build numbers are the same for ESX and ESXi
fixes = make_array(
          "4.0", "236512",
          "3.5", "283373"
        );

fix = FALSE;
fix = fixes[ver];

# get the build before checking the fix for the most complete audit trail
extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);

build = int(extract[1]);

# if there is no fix in the array, fix is FALSE
if (!fix)
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);

if (build < fix)
{

  report = '\n  Version         : ' + esx + " " + ver +
           '\n  Installed build : ' + build +
           '\n  Fixed build     : ' + fix +
           '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
  exit(0);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-10639.
#

include("compat.inc");

if (description)
{
  script_id(42271);
  script_version("1.28");
  script_cvs_date("Date: 2019/08/02 13:32:28");

  script_cve_id("CVE-2009-2903", "CVE-2009-2908", "CVE-2009-2909", "CVE-2009-2910", "CVE-2009-3290", "CVE-2009-3612");
  script_bugtraq_id(36379, 36512, 36576, 36635, 36639);
  script_xref(name:"FEDORA", value:"2009-10639");

  script_name(english:"Fedora 11 : kernel-2.6.30.9-90.fc11 (2009-10639)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to kernel 2.6.30.9. Upstream change logs:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.9 Also
fixes :

  - Kernel stack randomization bug - NULL dereference in
    r128 driver - ftrace memory corruption on module unload
    - boot hanging on some systems - some latency problems
    caused by scheduler bugs

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.9
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?856e295c"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=522331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=524124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=526788"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=527534"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=528868"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=528887"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030287.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3cb67549"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(189, 200, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"kernel-2.6.30.9-90.fc11")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2009:1541. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(42357);
  script_version ("1.44");
  script_cvs_date("Date: 2019/10/25 13:36:14");

  script_cve_id("CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621");
  script_bugtraq_id(36901);
  script_xref(name:"RHSA", value:"2009:1541");

  script_name(english:"RHEL 4 : kernel (RHSA-2009:1541)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix security issues are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(),
and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe
pointer could be released by other processes before it is used to
update the pipe's reader and writer counters. This could lead to a
local denial of service or privilege escalation. (CVE-2009-3547,
Important)

Users should upgrade to these updated packages, which contain a
backported patch to correct these issues. The system must be rebooted
for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-3547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2009:1541"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(16, 20, 119, 200, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2009:1541");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2009:1541";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-devel-2.6.9-89.0.16.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-89.0.16.EL")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
  }
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2009:1550. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(42360);
  script_version ("1.46");
  script_cvs_date("Date: 2019/10/25 13:36:14");

  script_cve_id("CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2848", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621");
  script_bugtraq_id(32154, 34405, 35185, 35647, 35930, 36176, 36901);
  script_xref(name:"RHSA", value:"2009:1550");

  script_name(english:"RHEL 3 : kernel (RHSA-2009:1550)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix several security issues and multiple
bugs are now available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes :

* when fput() was called to close a socket, the __scm_destroy()
function in the Linux kernel could make indirect recursive calls to
itself. This could, potentially, lead to a denial of service issue.
(CVE-2008-5029, Important)

* the sendmsg() function in the Linux kernel did not block during UNIX
socket garbage collection. This could, potentially, lead to a local
denial of service. (CVE-2008-5300, Important)

* the exit_notify() function in the Linux kernel did not properly
reset the exit signal if a process executed a set user ID (setuid)
application before exiting. This could allow a local, unprivileged
user to elevate their privileges. (CVE-2009-1337, Important)

* a flaw was found in the Intel PRO/1000 network driver in the Linux
kernel. Frames with sizes near the MTU of an interface may be split
across multiple hardware receive descriptors. Receipt of such a frame
could leak through a validation check, leading to a corruption of the
length check. A remote attacker could use this flaw to send a
specially crafted packet that would cause a denial of service or code
execution. (CVE-2009-1385, Important)

* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared
when a setuid or setgid program was executed. A local, unprivileged
user could use this flaw to bypass the mmap_min_addr protection
mechanism and perform a NULL pointer dereference attack, or bypass the
Address Space Layout Randomization (ASLR) security feature.
(CVE-2009-1895, Important)

* it was discovered that, when executing a new process, the
clear_child_tid pointer in the Linux kernel is not cleared. If this
pointer points to a writable portion of the memory of the new program,
the kernel could corrupt four bytes of memory, possibly leading to a
local denial of service or privilege escalation. (CVE-2009-2848,
Important)

* missing initialization flaws were found in getname() implementations
in the IrDA sockets, AppleTalk DDP protocol, NET/ROM protocol, and
ROSE protocol implementations in the Linux kernel. Certain data
structures in these getname() implementations were not initialized
properly before being copied to user-space. These flaws could lead to
an information leak. (CVE-2009-3002, Important)

* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(),
and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe
pointer could be released by other processes before it is used to
update the pipe's reader and writer counters. This could lead to a
local denial of service or privilege escalation. (CVE-2009-3547,
Important)

Bug fixes :

* this update adds the mmap_min_addr tunable and restriction checks to
help prevent unprivileged users from creating new memory mappings
below the minimum address. This can help prevent the exploitation of
NULL pointer dereference bugs. Note that mmap_min_addr is set to zero
(disabled) by default for backwards compatibility. (BZ#512642)

* a bridge reference count problem in IPv6 has been fixed. (BZ#457010)

* enforce null-termination of user-supplied arguments to setsockopt().
(BZ#505514)

* the gcc flag '-fno-delete-null-pointer-checks' was added to the
kernel build options. This prevents gcc from optimizing out NULL
pointer checks after the first use of a pointer. NULL pointer bugs are
often exploited by attackers. Keeping these checks is a safety
measure. (BZ#511185)

* a check has been added to the IPv4 code to make sure that rt is not
NULL, to help prevent future bugs in functions that call
ip_append_data() from being exploitable. (BZ#520300)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-5029"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-5300"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-1337"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-1385"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-1895"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-2848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-3002"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-3547"
  );
  # http://kbase.redhat.com/faq/docs/DOC-17866
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/articles/17845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2009:1550"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/11/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2008-5029", "CVE-2008-5300", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-2691", "CVE-2009-2695", "CVE-2009-2848", "CVE-2009-2849", "CVE-2009-2910", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2009:1550");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2009:1550";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-63.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-63.EL")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
  }
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2009:1522 and 
# CentOS Errata and Security Advisory 2009:1522 respectively.
#

include("compat.inc");

if (description)
{
  script_id(42257);
  script_version("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:05");

  script_cve_id("CVE-2005-4881", "CVE-2009-3228", "CVE-2009-3612");
  script_bugtraq_id(36304);
  script_xref(name:"RHSA", value:"2009:1522");

  script_name(english:"CentOS 4 : kernel (CESA-2009:1522)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* multiple, missing initialization flaws were found in the Linux
kernel. Padding data in several core network structures was not
initialized properly before being sent to user-space. These flaws
could lead to information leaks. (CVE-2005-4881, CVE-2009-3228,
Moderate)

This update also fixes the following bugs :

* a packet duplication issue was fixed via the RHSA-2008:0665 update;
however, the fix introduced a problem for systems using network
bonding: Backup slaves were unable to receive ARP packets. When using
network bonding in the 'active-backup' mode and with the
'arp_validate=3' option, the bonding driver considered such backup
slaves as being down (since they were not receiving ARP packets),
preventing successful failover to these devices. (BZ#519384)

* due to insufficient memory barriers in the network code, a process
sleeping in select() may have missed notifications about new data. In
rare cases, this bug may have caused a process to sleep forever.
(BZ#519386)

* the driver version number in the ata_piix driver was not changed
between Red Hat Enterprise Linux 4.7 and Red Hat Enterprise Linux 4.8,
even though changes had been made between these releases. This could
have prevented the driver from loading on systems that check driver
versions, as this driver appeared older than it was. (BZ#519389)

* a bug in nlm_lookup_host() could have led to un-reclaimed locks on
file systems, resulting in the umount command failing. This bug could
have also prevented NFS services from being relocated correctly in
clustered environments. (BZ#519656)

* the data buffer ethtool_get_strings() allocated, for the igb driver,
was smaller than the amount of data that was copied in
igb_get_strings(), because of a miscalculation in IGB_QUEUE_STATS_LEN,
resulting in memory corruption. This bug could have led to a kernel
panic. (BZ#522738)

* in some situations, write operations to a TTY device were blocked
even when the O_NONBLOCK flag was used. A reported case of this issue
occurred when a single TTY device was opened by two users (one using
blocking mode, and the other using non-blocking mode). (BZ#523930)

* a deadlock was found in the cciss driver. In rare cases, this caused
an NMI lockup during boot. Messages such as 'cciss: controller
cciss[x] failed, stopping.' and 'cciss[x]: controller not responding.'
may have been displayed on the console. (BZ#525725)

* on 64-bit PowerPC systems, a rollover bug in the ibmveth driver
could have caused a kernel panic. In a reported case, this panic
occurred on a system with a large uptime and under heavy network load.
(BZ#527225)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-October/016196.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?07e2891f"
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-October/016197.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6b4ecd8f"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-devel-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-devel-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-doc-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-doc-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-89.0.15.EL")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-89.0.15.EL")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1928. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(44793);
  script_version("1.30");
  script_cvs_date("Date: 2019/08/02 13:32:22");

  script_cve_id("CVE-2009-2846", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2849", "CVE-2009-2903", "CVE-2009-2908", "CVE-2009-2909", "CVE-2009-2910", "CVE-2009-3001", "CVE-2009-3002", "CVE-2009-3228", "CVE-2009-3238", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621");
  script_bugtraq_id(35930, 36004, 36176, 36304, 36379, 36472, 36576, 36635, 36639, 36706, 36723, 36788, 36824, 36827, 36901);
  script_xref(name:"DSA", value:"1928");

  script_name(english:"Debian DSA-1928-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2009-2846
    Michael Buesch noticed a typing issue in the eisa-eeprom
    driver for the hppa architecture. Local users could
    exploit this issue to gain access to restricted memory.

  - CVE-2009-2847
    Ulrich Drepper noticed an issue in the do_sigalstack
    routine on 64-bit systems. This issue allows local users
    to gain access to potentially sensitive memory on the
    kernel stack.

  - CVE-2009-2848
    Eric Dumazet discovered an issue in the execve path,
    where the clear_child_tid variable was not being
    properly cleared. Local users could exploit this issue
    to cause a denial of service (memory corruption).

  - CVE-2009-2849
    Neil Brown discovered an issue in the sysfs interface to
    md devices. When md arrays are not active, local users
    can exploit this vulnerability to cause a denial of
    service (oops).

  - CVE-2009-2903
    Mark Smith discovered a memory leak in the appletalk
    implementation. When the appletalk and ipddp modules are
    loaded, but no ipddp'N' device is found, remote
    attackers can cause a denial of service by consuming
    large amounts of system memory.

  - CVE-2009-2908
    Loic Minier discovered an issue in the eCryptfs
    filesystem. A local user can cause a denial of service
    (kernel oops) by causing a dentry value to go negative.

  - CVE-2009-2909
    Arjan van de Ven discovered an issue in the AX.25
    protocol implementation. A specially crafted call to
    setsockopt() can result in a denial of service (kernel
    oops).

  - CVE-2009-2910
    Jan Beulich discovered the existence of a sensitive
    kernel memory leak. Systems running the 'amd64' kernel
    do not properly sanitize registers for 32-bit processes.

  - CVE-2009-3001
    Jiri Slaby fixed a sensitive memory leak issue in the
    ANSI/IEEE 802.2 LLC implementation. This is not
    exploitable in the Debian lenny kernel as root
    privileges are required to exploit this issue.

  - CVE-2009-3002
    Eric Dumazet fixed several sensitive memory leaks in the
    IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and
    Controller Area Network (CAN) implementations. Local
    users can exploit these issues to gain access to kernel
    memory.

  - CVE-2009-3228
    Eric Dumazet reported an instance of uninitialized
    kernel memory in the network packet scheduler. Local
    users may be able to exploit this issue to read the
    contents of sensitive kernel memory.

  - CVE-2009-3238
    Linus Torvalds provided a change to the get_random_int()
    function to increase its randomness.

  - CVE-2009-3286
    Eric Paris discovered an issue with the NFSv4 server
    implementation. When an O_EXCL create fails, files may
    be left with corrupted permissions, possibly granting
    unintentional privileges to other local users.

  - CVE-2009-3547
    Earl Chew discovered a NULL pointer dereference issue in
    the pipe_rdwr_open function which can be used by local
    users to gain elevated privileges.

  - CVE-2009-3612
    Jiri Pirko discovered a typo in the initialization of a
    structure in the netlink subsystem that may allow local
    users to gain access to sensitive kernel memory.

  - CVE-2009-3613
    Alistair Strachan reported an issue in the r8169 driver.
    Remote users can cause a denial of service (IOMMU space
    exhaustion and system crash) by transmitting a large
    amount of jumbo frames.

  - CVE-2009-3620
    Ben Hutchings discovered an issue in the DRM manager for
    ATI Rage 128 graphics adapters. Local users may be able
    to exploit this vulnerability to cause a denial of
    service (NULL pointer dereference).

  - CVE-2009-3621
    Tomoki Sekiyama discovered a deadlock condition in the
    UNIX domain socket implementation. Local users can
    exploit this vulnerability to cause a denial of service
    (system hang)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2846"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2908"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2909"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2910"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3002"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3228"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3238"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3286"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3613"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3620"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-3621"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2009/dsa-1928"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the linux-2.6.24 packages.

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.24-6~etchnhalf.9etch1.

Note: Debian 'etch' includes linux kernel packages based upon both the
2.6.18 and 2.6.24 linux releases. All known security issues are
carefully tracked against both packages and both packages will receive
security updates until security support for Debian 'etch' concludes.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, lower severity 2.6.18 and 2.6.24 updates will
typically release in a staggered or 'leap-frog' fashion."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 189, 200, 264, 310, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6.24");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"linux-doc-2.6.24", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-486", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-4kc-malta", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-5kc-malta", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-686", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-686-bigmem", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-alpha", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-amd64", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-hppa", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-i386", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-ia64", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-mipsel", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-alpha-generic", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-alpha-legacy", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-alpha-smp", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-amd64", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-common", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-itanium", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-mckinley", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-parisc", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-parisc-smp", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-parisc64", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-parisc64-smp", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-486", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-4kc-malta", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-5kc-malta", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-686", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-686-bigmem", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-alpha-generic", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-alpha-legacy", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-alpha-smp", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-amd64", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-itanium", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-mckinley", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-parisc", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-parisc-smp", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-parisc64", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-parisc64-smp", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-r5k-cobalt", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-manual-2.6.24", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-patch-debian-2.6.24", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-source-2.6.24", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-support-2.6.24-etchnhalf.1", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;
if (deb_check(release:"4.0", prefix:"linux-tree-2.6.24", reference:"2.6.24-6~etchnhalf.9etch1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from VMware Security Advisory 2010-0009. 
# The text itself is copyright (C) VMware Inc.
#

include("compat.inc");

if (description)
{
  script_id(46765);
  script_version("1.43");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id("CVE-2006-6304", "CVE-2007-4567", "CVE-2009-0590", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1384", "CVE-2009-1386", "CVE-2009-1387", "CVE-2009-2409", "CVE-2009-2695", "CVE-2009-2908", "CVE-2009-2910", "CVE-2009-3080", "CVE-2009-3228", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3556", "CVE-2009-3563", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-3736", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4212", "CVE-2009-4272", "CVE-2009-4355", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0001", "CVE-2010-0097", "CVE-2010-0290", "CVE-2010-0382", "CVE-2010-0426", "CVE-2010-0427");
  script_bugtraq_id(31692, 34256, 35001, 35112, 35138, 35174, 35417, 36304, 36472, 36576, 36639, 36706, 36723, 36824, 36827, 36901, 36936, 37019, 37068, 37069, 37118, 37128, 37255, 37339, 37519, 37521, 37523, 37749, 37806, 37865, 37876, 37886, 38432);
  script_xref(name:"VMSA", value:"2010-0009");

  script_name(english:"VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates");
  script_summary(english:"Checks esxupdate output for the patches");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote VMware ESXi / ESX host is missing one or more
security-related patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"a. Service Console update for COS kernel

   Updated COS package 'kernel' addresses the security issues that are
   fixed through versions 2.6.18-164.11.1.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,
   CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues
   fixed in kernel 2.6.18-164.6.1

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,
   CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537,
   CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080,
   CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,
   CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to
   the security issues fixed in kernel 2.6.18-164.11.1.

b. ESXi userworld update for ntp

   The Network Time Protocol (NTP) is used to synchronize the time of
   a computer client or server to another server or reference time
   source.

   A vulnerability in ntpd could allow a remote attacker to cause a
   denial of service (CPU and bandwidth consumption) by using
   MODE_PRIVATE to send a spoofed (1) request or (2) response packet
   that triggers a continuous exchange of MODE_PRIVATE error responses
   between two NTP daemons.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-3563 to this issue.

c. Service Console package openssl updated to 0.9.8e-12.el5_4.1

   OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with
   full-strength cryptography world-wide.

   A memory leak in the zlib could allow a remote attacker to cause a
   denial of service (memory consumption) via vectors that trigger
   incorrect calls to the CRYPTO_cleanup_all_ex_data function.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-4355 to this issue.

   A vulnerability was discovered which may allow remote attackers to
   spoof certificates by using MD2 design flaws to generate a hash
   collision in less than brute-force time. NOTE: the scope of this
   issue is currently limited because the amount of computation
   required is still large.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-2409 to this issue.

   This update also includes security fixes that were first addressed
   in version openssl-0.9.8e-12.el5.i386.rpm.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378,
   CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues.

d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to
   2.2.14-15.

   Kerberos is a network authentication protocol. It is designed to
   provide strong authentication for client/server applications by
   using secret-key cryptography.

   Multiple integer underflows in the AES and RC4 functionality in the
   crypto library could allow remote attackers to cause a denial of
   service (daemon crash) or possibly execute arbitrary code by
   providing ciphertext with a length that is too short to be valid.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-4212 to this issue.

   The service console package for pam_krb5 is updated to version
   pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In
   some non-default configurations (specifically, where pam_krb5 would
   be the first module to prompt for a password), a remote attacker
   could use this flaw to recognize valid usernames, which would aid a
   dictionary-based password guess attack.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-1384 to this issue.

e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2

   BIND (Berkeley Internet Name Daemon) is by far the most widely used
   Domain Name System (DNS) software on the Internet.

   A vulnerability was discovered which could allow remote attacker to
   add the Authenticated Data (AD) flag to a forged NXDOMAIN response
   for an existing domain.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2010-0097 to this issue.

   A vulnerability was discovered which could allow remote attackers
   to conduct DNS cache poisoning attacks by receiving a recursive
   client query and sending a response that contains CNAME or DNAME
   records, which do not have the intended validation before caching.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2010-0290 to this issue.

   A vulnerability was found in the way that bind handles out-of-
   bailiwick data accompanying a secure response without re-fetching
   from the original source, which could allow remote attackers to
   have an unspecified impact via a crafted response.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2010-0382 to this issue.

   NOTE: ESX does not use the BIND name service daemon by default.

f. Service Console package gcc updated to 3.2.3-60

   The GNU Compiler Collection includes front ends for C, C++,
   Objective-C, Fortran, Java, and Ada, as well as libraries for these
   languages

   GNU Libtool's ltdl.c attempts to open .la library files in the
   current working directory.  This could allow a local user to gain
   privileges via a Trojan horse file.  The GNU C Compiler collection
   (gcc) provided in ESX contains a statically linked version of the
   vulnerable code, and is being replaced.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-3736 to this issue.

g. Service Console package gzip update to 1.3.3-15.rhel3

   gzip is a software application used for file compression

   An integer underflow in gzip's unlzw function on 64-bit platforms
   may allow a remote attacker to trigger an array index error
   leading to a denial of service (application crash) or possibly
   execute arbitrary code via a crafted LZW compressed file.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2010-0001 to this issue.

h. Service Console package sudo updated to 1.6.9p17-6.el5_4

   Sudo (su 'do') allows a system administrator to delegate authority
   to give certain users (or groups of users) the ability to run some
   (or all) commands as root or another user while providing an audit
   trail of the commands and their arguments.

   When a pseudo-command is enabled, sudo permits a match between the
   name of the pseudo-command and the name of an executable file in an
   arbitrary directory, which allows local users to gain privileges
   via a crafted executable file.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2010-0426 to this issue.

   When the runas_default option is used, sudo does not properly set
   group memberships, which allows local users to gain privileges via
   a sudo command.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2010-0427 to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2010/000099.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 119, 189, 200, 264, 287, 310, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/05/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/01");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}


include("audit.inc");
include("vmware_esx_packages.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);


init_esx_check(date:"2010-05-27");
flag = 0;


if (esx_check(ver:"ESX 3.5.0", patch:"ESX350-201006405-SG")) flag++;
if (esx_check(ver:"ESX 3.5.0", patch:"ESX350-201006406-SG")) flag++;
if (
  esx_check(
    ver           : "ESX 3.5.0",
    patch         : "ESX350-201006408-SG",
    patch_updates : make_list("ESX350-201008411-SG")
  )
) flag++;

if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201005401-SG",
    patch_updates : make_list("ESX400-201009401-SG", "ESX400-201101401-SG", "ESX400-201103401-SG", "ESX400-201104401-SG", "ESX400-201110401-SG", "ESX400-201111201-SG", "ESX400-201203401-SG", "ESX400-201205401-SG", "ESX400-201206401-SG", "ESX400-201209401-SG", "ESX400-201302401-SG", "ESX400-201305401-SG", "ESX400-201310401-SG", "ESX400-201404401-SG", "ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201005405-SG",
    patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201005406-SG",
    patch_updates : make_list("ESX400-201009403-SG", "ESX400-201110403-SG", "ESX400-201203407-SG", "ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201005407-SG",
    patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201005408-SG",
    patch_updates : make_list("ESX400-201103407-SG", "ESX400-201305403-SG", "ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 4.0.0",
    patch         : "ESX400-201005409-SG",
    patch_updates : make_list("ESX400-201009410-SG", "ESX400-201101404-SG", "ESX400-201305402-SG", "ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
  )
) flag++;

if (
  esx_check(
    ver           : "ESXi 4.0.0",
    patch         : "ESXi400-201005401-SG",
    patch_updates : make_list("ESXi400-201101401-SG", "ESXi400-201103401-SG", "ESXi400-201104401-SG", "ESXi400-201110401-SG", "ESXi400-201203401-SG", "ESXi400-201205401-SG", "ESXi400-201206401-SG", "ESXi400-201209401-SG", "ESXi400-201302401-SG", "ESXi400-201305401-SG", "ESXi400-201310401-SG", "ESXi400-201404401-SG", "ESXi400-Update02", "ESXi400-Update03", "ESXi400-Update04")
  )
) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60706);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:18");

  script_cve_id("CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726");

  script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security fixes :

  - NULL pointer dereference flaws in the r128 driver.
    Checks to test if the Concurrent Command Engine state
    was initialized were missing in private IOCTL functions.
    An attacker could use these flaws to cause a local
    denial of service or escalate their privileges.
    (CVE-2009-3620, Important)

  - a NULL pointer dereference flaw in the NFSv4
    implementation. Several NFSv4 file locking functions
    failed to check whether a file had been opened on the
    server before performing locking operations on it. A
    local user on a system with an NFSv4 share mounted could
    possibly use this flaw to cause a denial of service or
    escalate their privileges. (CVE-2009-3726, Important)

  - a flaw in tcf_fill_node(). A certain data structure in
    this function was not initialized properly before being
    copied to user-space. This could lead to an information
    leak. (CVE-2009-3612, Moderate)

  - unix_stream_connect() did not check if a UNIX domain
    socket was in the shutdown state. This could lead to a
    deadlock. A local, unprivileged user could use this flaw
    to cause a denial of service. (CVE-2009-3621, Moderate)

Bug fixes :

  - frequently changing a CPU between online and offline
    caused a kernel panic on some systems. (BZ#545583)

  - for the LSI Logic LSI53C1030 Ultra320 SCSI controller,
    read commands sent could receive incorrect data,
    preventing correct data transfer. (BZ#529308)

  - pciehp could not detect PCI Express hot plug slots on
    some systems. (BZ#530383)

  - soft lockups: inotify race and contention on
    dcache_lock. (BZ#533822, BZ#537019)

  - priority ordered lists are now used for threads waiting
    for a given mutex. (BZ#533858)

  - a deadlock in DLM could cause GFS2 file systems to lock
    up. (BZ#533859)

  - use-after-free bug in the audit subsystem crashed
    certain systems when running usermod. (BZ#533861)

  - on certain hardware configurations, a kernel panic when
    the Broadcom iSCSI offload driver (bnx2i.ko and cnic.ko)
    was loaded. (BZ#537014)

  - qla2xxx: Enabled MSI-X, and correctly handle the module
    parameter to control it. This improves performance for
    certain systems. (BZ#537020)

  - system crash when reading the cpuaffinity file on a
    system. (BZ#537346)

  - suspend-resume problems on systems with lots of logical
    CPUs, e.g. BX-EX. (BZ#539674)

  - off-by-one error in the legacy PCI bus check.
    (BZ#539675)

  - TSC was not made available on systems with
    multi-clustered APICs. This could cause slow performance
    for time-sensitive applications. (BZ#539676)

  - ACPI: ARB_DISABLE now disabled on platforms that do not
    need it. (BZ#539677)

  - fix node to core and power-aware scheduling issues, and
    a kernel panic during boot on certain AMD Opteron
    processors. (BZ#539678, BZ#540469, BZ#539680, BZ#539682)

  - APIC timer interrupt issues on some AMD Opteron systems
    prevented achieving full power savings. (BZ#539681)

  - general OProfile support for some newer Intel
    processors. (BZ#539683)

  - system crash during boot when NUMA is enabled on systems
    using MC and kernel-xen. (BZ#539684)

  - on some larger systems, performance issues due to a
    spinlock. (BZ#539685)

  - APIC errors when IOMMU is enabled on some AMD Opteron
    systems. (BZ#539687)

  - on some AMD Opteron systems, repeatedly taking a CPU
    offline then online caused a system hang. (BZ#539688)

  - I/O page fault errors on some systems. (BZ#539689)

  - certain memory configurations could cause the kernel-xen
    kernel to fail to boot on some AMD Opteron systems.
    (BZ#539690)

  - NMI watchdog is now disabled for offline CPUs.
    (BZ#539691)

  - duplicate directories in /proc/acpi/processor/ on BX-EX
    systems. (BZ#539692)

  - links did not come up when using bnx2x with certain
    Broadcom devices. (BZ#540381)

The system must be rebooted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=529308"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=530383"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=533822"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=533858"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=533859"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=533861"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=537014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=537019"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=537020"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=537346"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539674"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539676"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539678"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539681"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539682"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539683"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539684"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539687"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539688"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539689"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539690"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539691"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=539692"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=540381"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=540469"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=545583"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0912&L=scientific-linux-errata&T=0&P=2259
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6d453041"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(20, 200, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"x86_64", reference:"kernel-module-aufs-2.6.18-164.9.1.el5-0.20090202.cvs-6.sl5")) flag++;
if (rpm_check(release:"SL5", cpu:"x86_64", reference:"kernel-module-aufs-2.6.18-164.9.1.el5xen-0.20090202.cvs-6.sl5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-164.9.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-164.9.1.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

• name	Aharon Chernin
  organization	SCAP.com, LLC

• name	Dragos Prisaca
  organization	G2, Inc.

• comment	The operating system installed on the system is Red Hat Enterprise Linux 4
  oval	oval:org.mitre.oval:def:11831

• comment	CentOS Linux 4.x
  oval	oval:org.mitre.oval:def:16636

• comment	Oracle Linux 4.x
  oval	oval:org.mitre.oval:def:15990

• comment	The operating system installed on the system is Red Hat Enterprise Linux 5
  oval	oval:org.mitre.oval:def:11414

• comment	The operating system installed on the system is CentOS Linux 5.x
  oval	oval:org.mitre.oval:def:15802

• comment	Oracle Linux 5.x
  oval	oval:org.mitre.oval:def:15459

• name	J. Daniel Brown
  organization	DTCC

• name	Chris Coffin
  organization	The MITRE Corporation