Vulnerabilities > CVE-2009-4020 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel 2.6.32

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.

Vulnerable Configurations

Part Description Count
OS
Linux
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0812-1.NASL
    descriptionThe SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs have been fixed : CVE-2015-2041: A information leak in the llc2_timeout_table was fixed (bnc#919007). CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (bnc#910251). CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the 1-clock-tests test suite (bnc#907818). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel allowed local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (bnc#863335). CVE-2014-0181: The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404). CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260). CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779). CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem (bnc#769784). CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel allowed local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020 (bnc#760902). CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict access to the SIOCSMIIREG command, which allowed local users to write data to an Ethernet adapter via an ioctl call (bnc#758813). CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an
    last seen2020-06-01
    modified2020-06-02
    plugin id83723
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83723
    titleSUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:0812-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83723);
      script_version("2.21");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2009-4020", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1585", "CVE-2011-4127", "CVE-2011-4132", "CVE-2011-4913", "CVE-2011-4914", "CVE-2012-2313", "CVE-2012-2319", "CVE-2012-3400", "CVE-2012-6657", "CVE-2013-2147", "CVE-2013-4299", "CVE-2013-6405", "CVE-2013-6463", "CVE-2014-0181", "CVE-2014-1874", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3673", "CVE-2014-3917", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9420", "CVE-2014-9584", "CVE-2015-2041");
      script_bugtraq_id(46766, 46878, 46935, 47007, 47009, 47185, 47381, 50663, 51176, 53401, 53965, 54279, 60280, 63183, 63999, 64669, 65459, 67034, 67699, 68162, 68163, 68164, 68170, 68224, 69396, 69428, 69768, 69781, 69803, 70883, 71250, 71685, 71717, 71883, 72729);
    
      script_name(english:"SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive
    various security and bugfixes.
    
    The following security bugs have been fixed :
    
    CVE-2015-2041: A information leak in the llc2_timeout_table was fixed
    (bnc#919007).
    
    CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not
    properly handle faults associated with the Stack Segment (SS) segment
    register, which allowed local users to gain privileges by triggering
    an IRET instruction that leads to access to a GS Base address from the
    wrong space (bnc#910251).
    
    CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c
    in the Linux kernel did not properly handle faults associated with the
    Stack Segment (SS) segment register, which allowed local users to
    cause a denial of service (panic) via a modify_ldt system call, as
    demonstrated by sigreturn_32 in the 1-clock-tests test suite
    (bnc#907818).
    
    CVE-2014-4667: The sctp_association_free function in
    net/sctp/associola.c in the Linux kernel did not properly manage a
    certain backlog value, which allowed remote attackers to cause a
    denial of service (socket outage) via a crafted SCTP packet
    (bnc#885422).
    
    CVE-2014-3673: The SCTP implementation in the Linux kernel allowed
    remote attackers to cause a denial of service (system crash) via a
    malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and
    net/sctp/sm_statefuns.c (bnc#902346).
    
    CVE-2014-3185: Multiple buffer overflows in the
    command_port_read_callback function in drivers/usb/serial/whiteheat.c
    in the Whiteheat USB Serial Driver in the Linux kernel allowed
    physically proximate attackers to execute arbitrary code or cause a
    denial of service (memory corruption and system crash) via a crafted
    device that provides a large amount of (1) EHCI or (2) XHCI data
    associated with a bulk response (bnc#896391).
    
    CVE-2014-3184: The report_fixup functions in the HID subsystem in the
    Linux kernel might have allowed physically proximate attackers to
    cause a denial of service (out-of-bounds write) via a crafted device
    that provides a small report descriptor, related to (1)
    drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)
    drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
    drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
    (bnc#896390).
    
    CVE-2014-1874: The security_context_to_sid_core function in
    security/selinux/ss/services.c in the Linux kernel allowed local users
    to cause a denial of service (system crash) by leveraging the
    CAP_MAC_ADMIN capability to set a zero-length security context
    (bnc#863335).
    
    CVE-2014-0181: The Netlink implementation in the Linux kernel did not
    provide a mechanism for authorizing socket operations based on the
    opener of a socket, which allowed local users to bypass intended
    access restrictions and modify network configurations by using a
    Netlink socket for the (1) stdout or (2) stderr of a setuid program
    (bnc#875051).
    
    CVE-2013-4299: Interpretation conflict in
    drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote
    authenticated users to obtain sensitive information or modify data via
    a crafted mapping to a snapshot block device (bnc#846404).
    
    CVE-2013-2147: The HP Smart Array controller disk-array driver and
    Compaq SMART2 controller disk-array driver in the Linux kernel did not
    initialize certain data structures, which allowed local users to
    obtain sensitive information from kernel memory via (1) a crafted
    IDAGETPCIINFO command for a /dev/ida device, related to the
    ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted
    CCISS_PASSTHRU32 command for a /dev/cciss device, related to the
    cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260).
    
    CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the
    Linux kernel did not ensure that a keepalive action is associated with
    a stream socket, which allowed local users to cause a denial of
    service (system crash) by leveraging the ability to create a raw
    socket (bnc#896779).
    
    CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol
    function in fs/udf/super.c in the Linux kernel allowed remote
    attackers to cause a denial of service (system crash) or possibly have
    unspecified other impact via a crafted UDF filesystem (bnc#769784).
    
    CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem
    implementation in the Linux kernel allowed local users to gain
    privileges via a crafted HFS plus filesystem, a related issue to
    CVE-2009-4020 (bnc#760902).
    
    CVE-2012-2313: The rio_ioctl function in
    drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict
    access to the SIOCSMIIREG command, which allowed local users to write
    data to an Ethernet adapter via an ioctl call (bnc#758813).
    
    CVE-2011-4132: The cleanup_journal_tail function in the Journaling
    Block Device (JBD) functionality in the Linux kernel 2.6 allowed local
    users to cause a denial of service (assertion error and kernel oops)
    via an ext3 or ext4 image with an 'invalid log first block value'
    (bnc#730118).
    
    CVE-2011-4127: The Linux kernel did not properly restrict SG_IO ioctl
    calls, which allowed local users to bypass intended restrictions on
    disk read and write operations by sending a SCSI command to (1) a
    partition block device or (2) an LVM volume (bnc#738400).
    
    CVE-2011-1585: The cifs_find_smb_ses function in fs/cifs/connect.c in
    the Linux kernel did not properly determine the associations between
    users and sessions, which allowed local users to bypass CIFS share
    authentication by leveraging a mount of a share by a different user
    (bnc#687812).
    
    CVE-2011-1494: Integer overflow in the _ctl_do_mpt_command function in
    drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have
    allowed local users to gain privileges or cause a denial of service
    (memory corruption) via an ioctl call specifying a crafted value that
    triggers a heap-based buffer overflow (bnc#685402).
    
    CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
    did not validate (1) length and (2) offset values before performing
    memory copy operations, which might allow local users to gain
    privileges, cause a denial of service (memory corruption), or obtain
    sensitive information from kernel memory via a crafted ioctl call,
    related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions
    (bnc#685402).
    
    CVE-2011-1493: Array index error in the rose_parse_national function
    in net/rose/rose_subr.c in the Linux kernel allowed remote attackers
    to cause a denial of service (heap memory corruption) or possibly have
    unspecified other impact by composing FAC_NATIONAL_DIGIS data that
    specifies a large number of digipeaters, and then sending this data to
    a ROSE socket (bnc#681175).
    
    CVE-2011-4913: The rose_parse_ccitt function in net/rose/rose_subr.c
    in the Linux kernel did not validate the FAC_CCITT_DEST_NSAP and
    FAC_CCITT_SRC_NSAP fields, which allowed remote attackers to (1) cause
    a denial of service (integer underflow, heap memory corruption, and
    panic) via a small length value in data sent to a ROSE socket, or (2)
    conduct stack-based buffer overflow attacks via a large length value
    in data sent to a ROSE socket (bnc#681175).
    
    CVE-2011-4914: The ROSE protocol implementation in the Linux kernel
    did not verify that certain data-length values are consistent with the
    amount of data sent, which might allow remote attackers to obtain
    sensitive information from kernel memory or cause a denial of service
    (out-of-bounds read) via crafted data to a ROSE socket (bnc#681175).
    
    CVE-2011-1476: Integer underflow in the Open Sound System (OSS)
    subsystem in the Linux kernel on unspecified non-x86 platforms allowed
    local users to cause a denial of service (memory corruption) by
    leveraging write access to /dev/sequencer (bnc#681999).
    
    CVE-2011-1477: Multiple array index errors in sound/oss/opl3.c in the
    Linux kernel allowed local users to cause a denial of service (heap
    memory corruption) or possibly gain privileges by leveraging write
    access to /dev/sequencer (bnc#681999).
    
    CVE-2011-1163: The osf_partition function in fs/partitions/osf.c in
    the Linux kernel did not properly handle an invalid number of
    partitions, which might allow local users to obtain potentially
    sensitive information from kernel heap memory via vectors related to
    partition-table parsing (bnc#679812).
    
    CVE-2011-1090: The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c
    in the Linux kernel stored NFSv4 ACL data in memory that is allocated
    by kmalloc but not properly freed, which allowed local users to cause
    a denial of service (panic) via a crafted attempt to set an ACL
    (bnc#677286).
    
    CVE-2014-9584: The parse_rock_ridge_inode_internal function in
    fs/isofs/rock.c in the Linux kernel did not validate a length value in
    the Extensions Reference (ER) System Use Field, which allowed local
    users to obtain sensitive information from kernel memory via a crafted
    iso9660 image (bnc#912654).
    
    CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
    Linux kernel did not restrict the number of Rock Ridge continuation
    entries, which allowed local users to cause a denial of service
    (infinite loop, and system crash or hang) via a crafted iso9660 image
    (bnc#911325).
    
    CVE-2014-5471: Stack consumption vulnerability in the
    parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
    Linux kernel allowed local users to cause a denial of service
    (uncontrolled recursion, and system crash or reboot) via a crafted
    iso9660 image with a CL entry referring to a directory entry that has
    a CL entry (bnc#892490).
    
    CVE-2014-5472: The parse_rock_ridge_inode_internal function in
    fs/isofs/rock.c in the Linux kernel allowed local users to cause a
    denial of service (unkillable mount process) via a crafted iso9660
    image with a self-referential CL entry (bnc#892490).
    
    CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
    CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed
    local users to obtain potentially sensitive single-bit values from
    kernel memory or cause a denial of service (OOPS) via a large value of
    a syscall number (bnc#880484).
    
    CVE-2014-4652: Race condition in the tlv handler functionality in the
    snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA
    control implementation in the Linux kernel allowed local users to
    obtain sensitive information from kernel memory by leveraging
    /dev/snd/controlCX access (bnc#883795).
    
    CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c
    in the ALSA control implementation in the Linux kernel did not check
    authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
    local users to remove kernel controls and cause a denial of service
    (use-after-free and system crash) by leveraging /dev/snd/controlCX
    access for an ioctl call (bnc#883795).
    
    CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c
    in the ALSA control implementation in the Linux kernel did not
    properly maintain the user_ctl_count value, which allowed local users
    to cause a denial of service (integer overflow and limit bypass) by
    leveraging /dev/snd/controlCX access for a large number of
    SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (bnc#883795).
    
    CVE-2014-4653: sound/core/control.c in the ALSA control implementation
    in the Linux kernel did not ensure possession of a read/write lock,
    which allowed local users to cause a denial of service
    (use-after-free) and obtain sensitive information from kernel memory
    by leveraging /dev/snd/controlCX access (bnc#883795).
    
    CVE-2014-4656: Multiple integer overflows in sound/core/control.c in
    the ALSA control implementation in the Linux kernel allowed local
    users to cause a denial of service by leveraging /dev/snd/controlCX
    access, related to (1) index values in the snd_ctl_add function and
    (2) numid values in the snd_ctl_remove_numid_conflict function
    (bnc#883795).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=677286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=679812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=681175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=681999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=683282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=685402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=687812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=730118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=730200"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=738400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=758813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=760902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=769784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=823260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=846404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=853040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=863335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=874307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=875051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=880484"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=883223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=883795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=885422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=891844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=892490"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=896390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=896391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=896779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=902346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=907818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=908382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=910251"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=911325"
      );
      # https://download.suse.com/patch/finder/?keywords=15c960abc4733df91b510dfe4ba2ac6d
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0c2a8dc0"
      );
      # https://download.suse.com/patch/finder/?keywords=2a99948c9c3be4a024a9fa4d408002be
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bb8d1095"
      );
      # https://download.suse.com/patch/finder/?keywords=53c468d2b277f3335fcb5ddb08bda2e4
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0e08f301"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1090/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1163/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1476/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1477/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1493/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1494/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1495/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1585/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-4127/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-4132/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-4913/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-4914/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-2313/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-2319/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-3400/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-6657/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-2147/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-4299/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-6405/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-6463/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0181/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-1874/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3184/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3185/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3673/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3917/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4652/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4653/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4654/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4655/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4656/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4667/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-5471/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-5472/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9090/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9322/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9420/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9584/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2041/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20150812-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0e1e8d12"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdumppae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmipae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xenpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-debug-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdump-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-smp-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xen-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-bigsmp-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdumppae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmi-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmipae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xenpae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-default-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-source-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-syms-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-debug-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-smp-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xen-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdumppae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.132.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0039.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id79507
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79507
    titleOracleVM 2.2 : kernel (OVMSA-2013-0039)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2013-0039.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79507);
      script_version("1.25");
      script_cvs_date("Date: 2020/02/13");
    
      script_cve_id("CVE-2006-6304", "CVE-2007-4567", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2908", "CVE-2009-3080", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4067", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4307", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0007", "CVE-2010-0415", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0727", "CVE-2010-1083", "CVE-2010-1084", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1173", "CVE-2010-1188", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2226", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2798", "CVE-2010-2942", "CVE-2010-2963", "CVE-2010-3067", "CVE-2010-3078", "CVE-2010-3086", "CVE-2010-3296", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3477", "CVE-2010-3858", "CVE-2010-3859", "CVE-2010-3876", "CVE-2010-3877", "CVE-2010-4073", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4083", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4242", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4258", "CVE-2010-4346", "CVE-2010-4649", "CVE-2010-4655", "CVE-2011-0521", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1083", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1162", "CVE-2011-1163", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-3637", "CVE-2011-3638", "CVE-2011-4077", "CVE-2011-4086", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4324", "CVE-2011-4330", "CVE-2011-4348", "CVE-2012-1583", "CVE-2012-2136");
      script_bugtraq_id(35281, 35647, 35850, 35851, 35930, 36038, 36472, 36639, 36723, 36824, 36827, 36901, 36936, 37068, 37069, 37339, 37519, 37521, 37523, 37762, 37806, 38144, 38165, 38185, 38479, 38898, 39016, 39042, 39044, 39101, 39569, 39715, 39719, 39794, 40356, 40920, 42124, 42242, 42249, 42505, 42529, 43022, 43221, 43353, 43480, 43787, 43809, 44242, 44301, 44354, 44630, 44648, 44754, 44758, 45014, 45028, 45037, 45058, 45063, 45073, 45159, 45323, 45972, 45986, 46073, 46488, 46492, 46567, 46616, 46630, 46766, 46793, 46866, 46878, 47003, 47308, 47321, 47343, 47381, 47534, 47535, 47791, 47796, 47843, 48236, 48333, 48383, 48641, 48687, 49108, 49141, 49295, 49373, 50322, 50370, 50750, 50755, 50764, 50798, 51176, 51361, 51363, 51945, 53139, 53721);
    
      script_name(english:"OracleVM 2.2 : kernel (OVMSA-2013-0039)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2013-0039 for details."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-May/000153.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS2.2", reference:"kernel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-PAE-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-PAE-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-ovs-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-ovs-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / kernel-ovs / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-100108.NASL
    descriptionIndications Everyone using the Linux Kernel on x86_64 architecture should update. Contraindications None. Problem description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. The following security issues were fixed : - A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4536) - A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4538) - drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) For a complete list of changes, please look at the RPM changelog. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module.
    last seen2020-06-01
    modified2020-06-02
    plugin id44037
    published2010-01-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44037
    titleSuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1754 / 1760)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44037);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:39");
    
      script_cve_id("CVE-2009-3080", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020", "CVE-2009-4138", "CVE-2009-4307", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4538");
    
      script_name(english:"SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1754 / 1760)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Indications Everyone using the Linux Kernel on x86_64 architecture
    should update.
    
    Contraindications None.
    
    Problem description
    
    The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing
    various bugs and security issues.
    
    The following security issues were fixed :
    
      - A underflow in the e1000 jumbo ethernet frame handling
        could be use by link-local remote attackers to crash the
        machine or potentially execute code in kernel context.
        This requires the attacker to be able to send Jumbo
        Frames to the target machine. (CVE-2009-4536)
    
      - A underflow in the e1000e jumbo ethernet frame handling
        could be use by link-local remote attackers to crash the
        machine or potentially execute code in kernel context.
        This requires the attacker to be able to send Jumbo
        Frames to the target machine. (CVE-2009-4538)
    
      - drivers/firewire/ohci.c in the Linux kernel, when
        packet-per-buffer mode is used, allows local users to
        cause a denial of service (NULL pointer dereference and
        system crash) or possibly have unknown other impact via
        an unspecified ioctl associated with receiving an ISO
        packet that contains zero in the payload-length field.
        (CVE-2009-4138)
    
      - The ext4_fill_flex_info function in fs/ext4/super.c in
        the Linux kernel allows user-assisted remote attackers
        to cause a denial of service (divide-by-zero error and
        panic) via a malformed ext4 filesystem containing a
        super block with a large FLEX_BG group size (aka
        s_log_groups_per_flex value). (CVE-2009-4307)
    
      - The ext4_decode_error function in fs/ext4/super.c in the
        ext4 filesystem in the Linux kernel before 2.6.32 allows
        user-assisted remote attackers to cause a denial of
        service (NULL pointer dereference), and possibly have
        unspecified other impact, via a crafted read-only
        filesystem that lacks a journal. (CVE-2009-4308)
    
      - The poll_mode_io file for the megaraid_sas driver in the
        Linux kernel has world-writable permissions, which
        allows local users to change the I/O mode of the driver
        by modifying this file. (CVE-2009-3939)
    
      - The collect_rx_frame function in
        drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows
        attackers to have an unspecified impact via a crafted
        HDLC packet that arrives over ISDN and triggers a buffer
        under-read. (CVE-2009-4005)
    
      - A negative offset in a ioctl in the GDTH RAID driver was
        fixed. (CVE-2009-3080)
    
      - Stack-based buffer overflow in the hfs subsystem in the
        Linux kernel allows remote attackers to have an
        unspecified impact via a crafted Hierarchical File
        System (HFS) filesystem, related to the hfs_readdir
        function in fs/hfs/dir.c. (CVE-2009-4020)
    
    For a complete list of changes, please look at the RPM changelog.
    
    Solution
    
    Please install the updates provided at the location noted below.
    
    Installation notes
    
    This update is provided as a set of RPM packages that can easily be
    installed onto a running system by using the YaST online update
    module."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=479304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=480524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=490030"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=509066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=515645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=523487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=526819"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=528811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=535939"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=544763"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=545367"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=546449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=547357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=547370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=547474"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=549567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=552033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=554197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=557180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=557668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=557683"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=560055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=561621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=564374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=564381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=564382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=564712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=565267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=566480"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=567376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=567684"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3080.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3939.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4005.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4020.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4138.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4307.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4308.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4536.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4538.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 1754 / 1760 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-vmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-vmi-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-default-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-default-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-default-extra-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-pae-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-pae-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-pae-extra-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-source-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-syms-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-xen-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-xen-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kernel-xen-extra-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kernel-default-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kernel-default-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kernel-default-extra-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kernel-source-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kernel-syms-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kernel-xen-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kernel-xen-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kernel-xen-extra-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"ext4dev-kmp-default-0_2.6.27.42_0.1-7.1.24")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"ext4dev-kmp-pae-0_2.6.27.42_0.1-7.1.24")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"ext4dev-kmp-vmi-0_2.6.27.42_0.1-7.1.24")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"ext4dev-kmp-xen-0_2.6.27.42_0.1-7.1.24")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-default-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-default-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-pae-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-pae-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-source-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-syms-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-vmi-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-vmi-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-xen-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"kernel-xen-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"ext4dev-kmp-default-0_2.6.27.42_0.1-7.1.24")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"ext4dev-kmp-xen-0_2.6.27.42_0.1-7.1.24")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"kernel-default-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"kernel-default-base-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"kernel-source-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"kernel-syms-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"kernel-xen-2.6.27.42-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"kernel-xen-base-2.6.27.42-0.1.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-7011.NASL
    descriptionThis update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious data corruption regression in NFS. The following security issues were fixed : - drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing
    last seen2020-06-01
    modified2020-06-02
    plugin id46252
    published2010-05-07
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46252
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7011)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(46252);
      script_version ("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:40");
    
      script_cve_id("CVE-2009-4020", "CVE-2009-4537", "CVE-2010-0410", "CVE-2010-1083", "CVE-2010-1086", "CVE-2010-1088");
    
      script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7011)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a several security issues and various bugs in the
    SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious
    data corruption regression in NFS.
    
    The following security issues were fixed :
    
      - drivers/net/r8169.c in the r8169 driver in the Linux
        kernel does not properly check the size of an Ethernet
        frame that exceeds the MTU, which allows remote
        attackers to (1) cause a denial of service (temporary
        network outage) via a packet with a crafted size, in
        conjunction with certain packets containing A characters
        and certain packets containing E characters; or (2)
        cause a denial of service (system crash) via a packet
        with a crafted size, in conjunction with certain packets
        containing '0' characters, related to the value of the
        status register and erroneous behavior associated with
        the RxMaxSize register. (CVE-2009-4537)
    
      - The ULE decapsulation functionality in
        drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the
        Linux kernel arlier allows attackers to cause a denial
        of service (infinite loop) via a crafted MPEG2-TS frame,
        related to an invalid Payload Pointer ULE.
        (CVE-2010-1086)
    
      - fs/namei.c in Linux kernel does not always follow NFS
        automount 'symlinks,' which allows attackers to have an
        unknown impact, related to LOOKUP_FOLLOW.
        (CVE-2010-1088)
    
      - Stack-based buffer overflow in the hfs subsystem in the
        Linux kernel allows remote attackers to have an
        unspecified impact via a crafted Hierarchical File
        System (HFS) filesystem, related to the hfs_readdir
        function in fs/hfs/dir.c. (CVE-2009-4020)
    
      - The processcompl_compat function in
        drivers/usb/core/devio.c in the Linux kernel does not
        clear the transfer buffer before returning to userspace
        when a USB command fails, which might make it easier for
        physically proximate attackers to obtain sensitive
        information (kernel memory). (CVE-2010-1083)
    
      - drivers/connector/connector.c in the Linux kernel allows
        local users to cause a denial of service (memory
        consumption and system crash) by sending the kernel many
        NETLINK_CONNECTOR messages. (CVE-2010-0410)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4020.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4537.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0410.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1083.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1086.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1088.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7011.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(20, 119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/04/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-default-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-smp-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-source-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-syms-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-xen-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-debug-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-default-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-smp-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-source-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-syms-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-xen-2.6.16.60-0.42.10")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.42.10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-756.NASL
    descriptionThe openSUSE 11.4 kernel was updated to fix various bugs and security issues. This is the final update of the 2.6.37 kernel of openSUSE 11.4.
    last seen2020-06-05
    modified2014-06-13
    plugin id74801
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74801
    titleopenSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0009.NASL
    descriptiona. Service Console update for COS kernel Updated COS package
    last seen2020-06-01
    modified2020-06-02
    plugin id46765
    published2010-06-01
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46765
    titleVMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-6929.NASL
    descriptionThis update fixes lots of bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. - A stack-based buffer overflow in the HFS subsystem of the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir() function in fs/hfs/dir.c. CVE-2010-0410: The connector netlink driver (drivers/connector/connector.c) of the Linux kernel allows local users to cause a denial of service (memory consumption or system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2009-3556: A configuration value in the qla2xxx driver of the Linux kernel when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the vport_create and vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. (CVE-2009-4020)
    last seen2020-06-01
    modified2020-06-02
    plugin id59146
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59146
    titleSuSE 10 Security Update : Linux kernel (x86_64) (ZYPP Patch Number 6929)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0009_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd
    last seen2020-06-01
    modified2020-06-02
    plugin id89740
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89740
    titleVMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0046.NASL
    descriptionFrom Red Hat Security Advisory 2010:0046 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important) * Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important) * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic. (CVE-2009-4272, Important) * the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have
    last seen2020-06-01
    modified2020-06-02
    plugin id67988
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67988
    titleOracle Linux 5 : kernel (ELSA-2010-0046)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100202_KERNEL_ON_SL4_X.NASL
    descriptionCVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl CVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow CVE-2009-4020 kernel: hfs buffer overflow This update fixes the following security issues : - an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) - a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important) - permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The
    last seen2020-06-01
    modified2020-06-02
    plugin id60728
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60728
    titleScientific Linux Security Update : kernel on SL4.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-100109.NASL
    descriptionIndications Everyone using the Linux Kernel on s390x architecture should update. Contraindications None. Problem description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. The following security issues were fixed : - A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4536) - A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4538) - drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) For a complete list of changes, please look at the RPM changelog. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module.
    last seen2020-06-01
    modified2020-06-02
    plugin id52685
    published2011-03-17
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52685
    titleSuSE 11 Security Update : Linux kernel (SAT Patch Number 1753)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-6925.NASL
    descriptionThis update fixes lots of bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. - A stack-based buffer overflow in the HFS subsystem of the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir() function in fs/hfs/dir.c. CVE-2010-0410: The connector netlink driver (drivers/connector/connector.c) of the Linux kernel allows local users to cause a denial of service (memory consumption or system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2009-3556: A configuration value in the qla2xxx driver of the Linux kernel when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the vport_create and vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. (CVE-2009-4020)
    last seen2020-06-01
    modified2020-06-02
    plugin id49870
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49870
    titleSuSE 10 Security Update : Linux kernel (x86) (ZYPP Patch Number 6925)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_KERNEL-100301.NASL
    descriptionThe openSUSE 11.0 kernel was updated to fix following security issues : CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0410: drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id45010
    published2010-03-09
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45010
    titleopenSUSE Security Update : kernel (kernel-2089)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0076.NASL
    descriptionFrom Red Hat Security Advisory 2010:0076 : Updated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important) * permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The
    last seen2020-06-01
    modified2020-06-02
    plugin id67992
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67992
    titleOracle Linux 4 : kernel (ELSA-2010-0076)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-1832-1.NASL
    descriptionThe SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up update to fix lots of moderate security issues and several bugs. The Following security issues have been fixed : CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password. CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. CVE-2013-0160: The Linux kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application. CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6546: The ATM implementation in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel memory via a crafted application. CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel had an incorrect return value in certain circumstances, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. CVE-2011-2492: The bluetooth subsystem in the Linux kernel did not properly initialize certain data structures, which allowed local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel on unspecified architectures lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and
    last seen2020-06-05
    modified2015-05-20
    plugin id83603
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83603
    titleSUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2003.NASL
    descriptionNOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release
    last seen2020-06-01
    modified2020-06-02
    plugin id44867
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44867
    titleDebian DSA-2003-1 : linux-2.6 - privilege escalation/denial of service
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-357.NASL
    descriptionThis kernel update of the openSUSE 12.1 kernel brings various bug and security fixes. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). - be2net: non-member vlan pkts not received in promiscous mode (bnc#732006 CVE-2011-3347). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: put page when fail to get all requested user pages (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: fix offset calculation when building skb (bnc#758243 CVE-2012-2119). - Avoid reading past buffer when calling GETACL (bnc#762992). - Avoid beyond bounds copy while caching ACL (bnc#762992). - Fix length of buffer copied in __nfs4_get_acl_uncached (bnc#762992). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - usb/net: rndis: merge command codes. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: break out <linux/rndis.h> defines. only net/hyperv part - net/hyperv: Add flow control based on hi/low watermark. - hv: fix return type of hv_post_message(). - Drivers: hv: util: Properly handle version negotiations. - Drivers: hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - HID: hyperv: Set the hid drvdata correctly. - HID: hid-hyperv: Do not use hid_parse_report() directly. - [SCSI] storvsc: Properly handle errors from the host (bnc#747404). - Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - net/hyperv: Adding cancellation to ensure rndis filter is closed. - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#761681). - thp: reduce khugepaged freezing latency (bnc#760860). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - cdc_ether: Ignore bogus union descriptor for RNDIS devices (bnc#735362). Taking the fix from net-next - Fix kABI breakage due to including proc_fs.h in kernel/fork.c modversion changed because of changes in struct proc_dir_entry (became defined) Refresh patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-for k-failure. - Disabled MMC_TEST (bnc#760077). - Input: ALPS - add semi-MT support for v3 protocol (bnc#716996). - Input: ALPS - add support for protocol versions 3 and 4 (bnc#716996). - Input: ALPS - remove assumptions about packet size (bnc#716996). - Input: ALPS - add protocol version field in alps_model_info (bnc#716996). - Input: ALPS - move protocol information to Documentation (bnc#716996). - sysctl/defaults: kernel.hung_task_timeout -> kernel.hung_task_timeout_secs (bnc#700174) - btrfs: partial revert of truncation improvements (FATE#306586 bnc#748463 bnc#760279). - libata: skip old error history when counting probe trials. - procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783). - cdc-wdm: fix race leading leading to memory corruption (bnc#759554). This patch fixes a race whereby a pointer to a buffer would be overwritten while the buffer was in use leading to a double free and a memory leak. This causes crashes. This bug was introduced in 2.6.34 - netfront: delay gARP until backend switches to Connected. - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus: check availability of XS_RESET_WATCHES command. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - blkfront: properly fail packet requests (bnc#745929). - Linux 3.1.10. - Update Xen config files. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - mqueue: fix a vfsmount longterm reference leak (bnc#757783). - cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (bnc#757789). - procfs: fix a vfsmount longterm reference leak (bnc#757783). - uwb: fix error handling (bnc#731720). This fixes a kernel error on unplugging an uwb dongle - uwb: fix use of del_timer_sync() in interrupt (bnc#731720). This fixes a kernel warning on plugging in an uwb dongle - acer-wmi: Detect communication hot key number. - acer-wmi: replaced the hard coded bitmap by the communication devices bitmap from SMBIOS. - acer-wmi: add ACER_WMID_v2 interface flag to represent new notebooks. - acer-wmi: No wifi rfkill on Sony machines. - acer-wmi: No wifi rfkill on Lenovo machines. - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - Drivers: scsi: storvsc: Account for in-transit packets in the RESET path. - CPU hotplug, cpusets, suspend: Don
    last seen2020-06-05
    modified2014-06-13
    plugin id74661
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74661
    titleopenSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12636.NASL
    descriptionThis update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel. The following security issues were fixed : - A crafted NFS write request might have caused a buffer overwrite, potentially causing a kernel crash. (CVE-2010-2521) - The x86_64 copy_to_user implementation might have leaked kernel memory depending on specific user buffer setups. (CVE-2008-0598) - drivers/net/r8169.c in the r8169 driver in the Linux kernel did not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing
    last seen2020-06-01
    modified2020-06-02
    plugin id48901
    published2010-08-27
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48901
    titleSuSE9 Security Update : Linux kernel (YOU Patch Number 12636)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2005.NASL
    descriptionNOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release
    last seen2020-06-01
    modified2020-06-02
    plugin id44951
    published2010-03-02
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44951
    titleDebian DSA-2005-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0046.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important) * Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important) * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic. (CVE-2009-4272, Important) * the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have
    last seen2020-06-01
    modified2020-06-02
    plugin id44096
    published2010-01-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44096
    titleCentOS 5 : kernel (CESA-2010:0046)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-342.NASL
    descriptionThis kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - b43: allocate receive buffers big enough for max frame len + offset (bnc#717749). - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus_dev: add missing error checks to watch handling. - hwmon: (coretemp-xen) Fix TjMax detection for older CPUs. - hwmon: (coretemp-xen) Relax target temperature range check. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - bridge: correct IPv6 checksum after pull (bnc#738644). - bridge: fix a possible use after free (bnc#738644). - bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644). - bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644). - PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455). - ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203). - drm/i915/crt: Remove 0xa0 probe for VGA. - tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366). - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). - dlm: Do not allocate a fd for peeloff (bnc#729247). - sctp: Export sctp_do_peeloff (bnc#729247). - i2c-algo-bit: Fix spurious SCL timeouts under heavy load. - patches.fixes/epoll-dont-limit-non-nested.patch: Don
    last seen2020-06-05
    modified2014-06-13
    plugin id74658
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74658
    titleopenSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0076.NASL
    descriptionUpdated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important) * permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The
    last seen2020-06-01
    modified2020-06-02
    plugin id44386
    published2010-02-03
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44386
    titleRHEL 4 : kernel (RHSA-2010:0076)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-894-1.NASL
    descriptionAmerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures. If a user were tricked into mounting a specially crafted filesystem, a remote attacker could crash the system or gain root privileges. (CVE-2009-4020, CVE-2009-4308) It was discovered that FUSE did not correctly check certain requests. A local attacker with access to FUSE mounts could exploit this to crash the system or possibly gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-4021) It was discovered that KVM did not correctly decode certain guest instructions. A local attacker in a guest could exploit this to trigger high scheduling latency in the host, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-4031) It was discovered that the OHCI fireware driver did not correctly handle certain ioctls. A local attacker could exploit this to crash the system, or possibly gain root privileges. Ubuntu 6.06 was not affected. (CVE-2009-4138) Tavis Ormandy discovered that the kernel did not correctly handle O_ASYNC on locked files. A local attacker could exploit this to gain root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141) Neil Horman and Eugene Teo discovered that the e1000 and e1000e network drivers did not correctly check the size of Ethernet frames. An attacker on the local network could send specially crafted traffic to bypass packet filters, crash the system, or possibly gain root privileges. (CVE-2009-4536, CVE-2009-4538) It was discovered that
    last seen2020-06-01
    modified2020-06-02
    plugin id44399
    published2010-02-05
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44399
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-894-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0046.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important) * Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important) * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic. (CVE-2009-4272, Important) * the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have
    last seen2020-06-01
    modified2020-06-02
    plugin id44062
    published2010-01-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44062
    titleRHEL 5 : kernel (RHSA-2010:0046)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-7015.NASL
    descriptionThis update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious data corruption regression in NFS. The following security issues were fixed : - drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing
    last seen2020-06-01
    modified2020-06-02
    plugin id59148
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59148
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7015)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0076.NASL
    descriptionUpdated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important) * permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The
    last seen2020-06-01
    modified2020-06-02
    plugin id44395
    published2010-02-05
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44395
    titleCentOS 4 : kernel (CESA-2010:0076)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_KERNEL-100107.NASL
    descriptionThe openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. Following security issues were fixed: CVE-2009-4536: A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. CVE-2009-4538: A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. CVE-2009-4307: The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. CVE-2009-4005: The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. CVE-2009-3080: A negative offset in a ioctl in the GDTH RAID driver was fixed. CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. For a complete list of changes, please look at the RPM changelog.
    last seen2020-06-01
    modified2020-06-02
    plugin id44034
    published2010-01-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44034
    titleopenSUSE Security Update : kernel (kernel-1749)

Oval

  • accepted2013-04-29T04:01:31.508-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionStack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
    familyunix
    idoval:org.mitre.oval:def:10091
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleStack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
    version27
  • accepted2014-01-20T04:01:29.211-05:00
    classvulnerability
    contributors
    • nameJ. Daniel Brown
      organizationDTCC
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    commentVMware ESX Server 4.0 is installed
    ovaloval:org.mitre.oval:def:6293
    descriptionStack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
    familyunix
    idoval:org.mitre.oval:def:6750
    statusaccepted
    submitted2010-06-01T17:30:00.000-05:00
    titlehfs Subsystem Stack-based Buffer Overflow Vulnerability
    version8

Redhat

advisories
  • bugzilla
    id556406
    titlekernel: r8169: straighten out overlength frame detection (improved) [rhel-4.9] [rhel-4.8.z]
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • commentkernel earlier than 0:2.6.9-89.0.20.EL is currently running
          ovaloval:com.redhat.rhsa:tst:20100076023
        • commentkernel earlier than 0:2.6.9-89.0.20.EL is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20100076024
      • OR
        • AND
          • commentkernel-doc is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076001
          • commentkernel-doc is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304002
        • AND
          • commentkernel-devel is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076003
          • commentkernel-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304016
        • AND
          • commentkernel-smp is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076005
          • commentkernel-smp is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304004
        • AND
          • commentkernel-largesmp-devel is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076007
          • commentkernel-largesmp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304008
        • AND
          • commentkernel-xenU-devel is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076009
          • commentkernel-xenU-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304014
        • AND
          • commentkernel is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076011
          • commentkernel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304018
        • AND
          • commentkernel-largesmp is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076013
          • commentkernel-largesmp is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304010
        • AND
          • commentkernel-smp-devel is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076015
          • commentkernel-smp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304012
        • AND
          • commentkernel-xenU is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076017
          • commentkernel-xenU is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304006
        • AND
          • commentkernel-hugemem is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076019
          • commentkernel-hugemem is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304020
        • AND
          • commentkernel-hugemem-devel is earlier than 0:2.6.9-89.0.20.EL
            ovaloval:com.redhat.rhsa:tst:20100076021
          • commentkernel-hugemem-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304022
    rhsa
    idRHSA-2010:0076
    released2010-02-02
    severityImportant
    titleRHSA-2010:0076: kernel security and bug fix update (Important)
  • rhsa
    idRHSA-2010:0046
  • rhsa
    idRHSA-2010:0095
rpms
  • kernel-0:2.6.18-164.11.1.el5
  • kernel-PAE-0:2.6.18-164.11.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-PAE-devel-0:2.6.18-164.11.1.el5
  • kernel-debug-0:2.6.18-164.11.1.el5
  • kernel-debug-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-debug-devel-0:2.6.18-164.11.1.el5
  • kernel-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-debuginfo-common-0:2.6.18-164.11.1.el5
  • kernel-devel-0:2.6.18-164.11.1.el5
  • kernel-doc-0:2.6.18-164.11.1.el5
  • kernel-headers-0:2.6.18-164.11.1.el5
  • kernel-kdump-0:2.6.18-164.11.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-kdump-devel-0:2.6.18-164.11.1.el5
  • kernel-xen-0:2.6.18-164.11.1.el5
  • kernel-xen-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-xen-devel-0:2.6.18-164.11.1.el5
  • kernel-0:2.6.9-89.0.20.EL
  • kernel-debuginfo-0:2.6.9-89.0.20.EL
  • kernel-devel-0:2.6.9-89.0.20.EL
  • kernel-doc-0:2.6.9-89.0.20.EL
  • kernel-hugemem-0:2.6.9-89.0.20.EL
  • kernel-hugemem-devel-0:2.6.9-89.0.20.EL
  • kernel-largesmp-0:2.6.9-89.0.20.EL
  • kernel-largesmp-devel-0:2.6.9-89.0.20.EL
  • kernel-smp-0:2.6.9-89.0.20.EL
  • kernel-smp-devel-0:2.6.9-89.0.20.EL
  • kernel-xenU-0:2.6.9-89.0.20.EL
  • kernel-xenU-devel-0:2.6.9-89.0.20.EL

Seebug

bulletinFamilyexploit
descriptionCVE ID: CVE-2009-4020 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的fs/hfs/dir.c文件中的hfs_readdir函数存在栈溢出漏洞,特制的多级文件系统(HFS)可以在 hfs_bnode_read()函数的memcpy()调用过程中触发这个溢出。攻击者可以提供源缓冲区和长度,目标缓冲区是固定长度的本地变量,这个变量存储在了hfs_bnode_read()调用程序的栈帧中(hfs_readdir())。由于在试图读取文件系统上目录时都会执行 hfs_readdir()函数,因此用户试图检查任何文件系统内容时都会调用这个函数。 Linux kernel 2.6.32 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://bugzilla.redhat.com/attachment.cgi?id=373295
idSSV:15037
last seen2017-11-19
modified2009-12-12
published2009-12-12
reporterRoot
titleLinux Kernel HFS子系统栈溢出漏洞

Statements

contributorMark J Cox
lastmodified2010-02-04
organizationRed Hat
statementThis issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise MRG as the affected driver is not enabled in this kernel. It was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0076.html and https://rhn.redhat.com/errata/RHSA-2010-0046.html respectively. Red Hat Enterprise Linux 3 is now in Production 3 of the maintenance life-cycle, http://www.redhat.com/security/updates/errata, and this issue is rated as having low impact, therefore the fix for this issue is not currently planned to be included in the future updates.

References