Vulnerabilities > CVE-2010-2070 - Local Denial Of Service vulnerability in Xen 'arch/ia64/xen/faults.c'

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
xensource
nessus

Summary

arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742.

Vulnerable Configurations

Part Description Count
Application
Xensource
2

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0610.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1084, Important) * a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important) * a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service). (CVE-2010-2248, Important) * buffer overflow flaws were found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id48301
    published2010-08-12
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48301
    titleCentOS 5 : kernel (CESA-2010:0610)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0610 and 
    # CentOS Errata and Security Advisory 2010:0610 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(48301);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:05");
    
      script_cve_id("CVE-2010-1084", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524");
      script_bugtraq_id(38898, 40776, 40920, 41466, 41904, 42242, 42249);
      script_xref(name:"RHSA", value:"2010:0610");
    
      script_name(english:"CentOS 5 : kernel (CESA-2010:0610)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * instances of unsafe sprintf() use were found in the Linux kernel
    Bluetooth implementation. Creating a large number of Bluetooth L2CAP,
    SCO, or RFCOMM sockets could result in arbitrary memory pages being
    overwritten. A local, unprivileged user could use this flaw to cause a
    kernel panic (denial of service) or escalate their privileges.
    (CVE-2010-1084, Important)
    
    * a flaw was found in the Xen hypervisor implementation when using the
    Intel Itanium architecture, allowing guests to enter an unsupported
    state. An unprivileged guest user could trigger this flaw by setting
    the BE (Big Endian) bit of the Processor Status Register (PSR),
    leading to the guest crashing (denial of service). (CVE-2010-2070,
    Important)
    
    * a flaw was found in the CIFSSMBWrite() function in the Linux kernel
    Common Internet File System (CIFS) implementation. A remote attacker
    could send a specially crafted SMB response packet to a target CIFS
    client, resulting in a kernel panic (denial of service).
    (CVE-2010-2248, Important)
    
    * buffer overflow flaws were found in the Linux kernel's
    implementation of the server-side External Data Representation (XDR)
    for the Network File System (NFS) version 4. An attacker on the local
    network could send a specially crafted large compound request to the
    NFSv4 server, which could possibly result in a kernel panic (denial of
    service) or, potentially, code execution. (CVE-2010-2521, Important)
    
    * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux
    kernel XFS file system implementation. A local user could use this
    flaw to read write-only files, that they do not own, on an XFS file
    system. This could lead to unintended information disclosure.
    (CVE-2010-2226, Moderate)
    
    * a flaw was found in the dns_resolver upcall used by CIFS. A local,
    unprivileged user could redirect a Microsoft Distributed File System
    link to another IP address, tricking the client into mounting the
    share from a server of the user's choosing. (CVE-2010-2524, Moderate)
    
    * a missing check was found in the mext_check_arguments() function in
    the ext4 file system code. A local user could use this flaw to cause
    the MOVE_EXT IOCTL to overwrite the contents of an append-only file on
    an ext4 file system, if they have write permissions for that file.
    (CVE-2010-2066, Low)
    
    Red Hat would like to thank Neil Brown for reporting CVE-2010-1084,
    and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.
    
    This update also fixes several bugs. Documentation for these bug fixes
    will be available shortly from the Technical Notes document linked to
    in the References.
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2010-August/016890.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?74c9c2bd"
      );
      # https://lists.centos.org/pipermail/centos-announce/2010-August/016891.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?52607eba"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-194.11.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-194.11.1.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0610.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1084, Important) * a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important) * a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service). (CVE-2010-2248, Important) * buffer overflow flaws were found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id48312
    published2010-08-12
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48312
    titleRHEL 5 : kernel (RHSA-2010:0610)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0610. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(48312);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:15");
    
      script_cve_id("CVE-2010-1084", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524");
      script_bugtraq_id(38898, 40776, 40920, 41466, 41904, 42242, 42249);
      script_xref(name:"RHSA", value:"2010:0610");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2010:0610)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * instances of unsafe sprintf() use were found in the Linux kernel
    Bluetooth implementation. Creating a large number of Bluetooth L2CAP,
    SCO, or RFCOMM sockets could result in arbitrary memory pages being
    overwritten. A local, unprivileged user could use this flaw to cause a
    kernel panic (denial of service) or escalate their privileges.
    (CVE-2010-1084, Important)
    
    * a flaw was found in the Xen hypervisor implementation when using the
    Intel Itanium architecture, allowing guests to enter an unsupported
    state. An unprivileged guest user could trigger this flaw by setting
    the BE (Big Endian) bit of the Processor Status Register (PSR),
    leading to the guest crashing (denial of service). (CVE-2010-2070,
    Important)
    
    * a flaw was found in the CIFSSMBWrite() function in the Linux kernel
    Common Internet File System (CIFS) implementation. A remote attacker
    could send a specially crafted SMB response packet to a target CIFS
    client, resulting in a kernel panic (denial of service).
    (CVE-2010-2248, Important)
    
    * buffer overflow flaws were found in the Linux kernel's
    implementation of the server-side External Data Representation (XDR)
    for the Network File System (NFS) version 4. An attacker on the local
    network could send a specially crafted large compound request to the
    NFSv4 server, which could possibly result in a kernel panic (denial of
    service) or, potentially, code execution. (CVE-2010-2521, Important)
    
    * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux
    kernel XFS file system implementation. A local user could use this
    flaw to read write-only files, that they do not own, on an XFS file
    system. This could lead to unintended information disclosure.
    (CVE-2010-2226, Moderate)
    
    * a flaw was found in the dns_resolver upcall used by CIFS. A local,
    unprivileged user could redirect a Microsoft Distributed File System
    link to another IP address, tricking the client into mounting the
    share from a server of the user's choosing. (CVE-2010-2524, Moderate)
    
    * a missing check was found in the mext_check_arguments() function in
    the ext4 file system code. A local user could use this flaw to cause
    the MOVE_EXT IOCTL to overwrite the contents of an append-only file on
    an ext4 file system, if they have write permissions for that file.
    (CVE-2010-2066, Low)
    
    Red Hat would like to thank Neil Brown for reporting CVE-2010-1084,
    and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.
    
    This update also fixes several bugs. Documentation for these bug fixes
    will be available shortly from the Technical Notes document linked to
    in the References.
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-1084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2070"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2248"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2521"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2524"
      );
      # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?056c0c27"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2010:0610"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2010-1084", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2010:0610");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2010:0610";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-194.11.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-194.11.1.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
      }
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0003.NASL
    descriptiona. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0.
    last seen2020-06-01
    modified2020-06-02
    plugin id51971
    published2011-02-14
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51971
    titleVMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0622.NASL
    descriptionUpdated rhev-hypervisor packages that fix multiple security issues and two bugs are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system
    last seen2020-06-01
    modified2020-06-02
    plugin id79276
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79276
    titleRHEL 5 : rhev-hypervisor (RHSA-2010:0622)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0003_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5
    last seen2020-06-01
    modified2020-06-02
    plugin id89674
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89674
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0610.NASL
    descriptionFrom Red Hat Security Advisory 2010:0610 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1084, Important) * a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important) * a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service). (CVE-2010-2248, Important) * buffer overflow flaws were found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id68081
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68081
    titleOracle Linux 5 : kernel (ELSA-2010-0610)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100810_KERNEL_ON_SL5_X.NASL
    descriptionThis update fixes the following security issues : - instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1084, Important) - a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important) - a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service). (CVE-2010-2248, Important) - buffer overflow flaws were found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id60834
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60834
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64

Redhat

advisories
rhsa
idRHSA-2010:0610
rpms
  • kernel-0:2.6.18-194.11.1.el5
  • kernel-PAE-0:2.6.18-194.11.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-194.11.1.el5
  • kernel-PAE-devel-0:2.6.18-194.11.1.el5
  • kernel-debug-0:2.6.18-194.11.1.el5
  • kernel-debug-debuginfo-0:2.6.18-194.11.1.el5
  • kernel-debug-devel-0:2.6.18-194.11.1.el5
  • kernel-debuginfo-0:2.6.18-194.11.1.el5
  • kernel-debuginfo-common-0:2.6.18-194.11.1.el5
  • kernel-devel-0:2.6.18-194.11.1.el5
  • kernel-doc-0:2.6.18-194.11.1.el5
  • kernel-headers-0:2.6.18-194.11.1.el5
  • kernel-kdump-0:2.6.18-194.11.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-194.11.1.el5
  • kernel-kdump-devel-0:2.6.18-194.11.1.el5
  • kernel-xen-0:2.6.18-194.11.1.el5
  • kernel-xen-debuginfo-0:2.6.18-194.11.1.el5
  • kernel-xen-devel-0:2.6.18-194.11.1.el5