Vulnerabilities > CVE-2011-1479 - Resource Management Errors vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | Linux Kernel 2.6.x 'inotify_init1()' Double Free Local Denial of Service Vulnerability. CVE-2011-1479. Dos exploit for linux platform |
id | EDB-ID:35600 |
last seen | 2016-02-04 |
modified | 2011-04-11 |
published | 2011-04-11 |
reporter | anonymous |
source | https://www.exploit-db.com/download/35600/ |
title | Linux Kernel 2.6.x - 'inotify_init1' Double Free Local Denial of Service Vulnerability |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1167-1.NASL description Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel last seen 2020-03-18 modified 2011-07-14 plugin id 55591 published 2011-07-14 reporter Ubuntu Security Notice (C) 2011-2020 Canonical, Inc. / NASL script (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55591 title Ubuntu 11.04 : linux vulnerabilities (USN-1167-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1167-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(55591); script_version("1.15"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26"); script_cve_id("CVE-2010-3859", "CVE-2010-3874", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-3877", "CVE-2010-3880", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4163", "CVE-2010-4164", "CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4175", "CVE-2010-4243", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4250", "CVE-2010-4256", "CVE-2010-4258", "CVE-2010-4342", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4529", "CVE-2010-4565", "CVE-2010-4649", "CVE-2010-4668", "CVE-2011-0463", "CVE-2011-0521", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0712", "CVE-2011-0726", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1012", "CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1017", "CVE-2011-1019", "CVE-2011-1044", "CVE-2011-1076", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1082", "CVE-2011-1083", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-1180", "CVE-2011-1182", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1479", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1747", "CVE-2011-1748", "CVE-2011-1759", "CVE-2011-1770", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1927", "CVE-2011-2022", "CVE-2011-2479", "CVE-2011-2496", "CVE-2011-2498", "CVE-2011-2534", "CVE-2011-3359", "CVE-2011-3363", "CVE-2011-4913"); script_bugtraq_id(44354, 44630, 44661, 44665, 44758, 44793, 44830, 44861, 44921, 45004, 45028, 45037, 45055, 45125, 45159, 45321, 45323, 45556, 45629, 45660, 45986, 46073, 46417, 46419, 46442, 46488, 46492, 46557, 46732, 46839, 47116, 47639, 47791, 47792); script_xref(name:"USN", value:"1167-1"); script_name(english:"Ubuntu 11.04 : linux vulnerabilities (USN-1167-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927) Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463) Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534) Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1173) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Dan Rosenberg reported errors in the OSS (Open Sound System) MIDI interface. A local attacker on non-x86 systems might be able to cause a denial of service. (CVE-2011-1476) Dan Rosenberg reported errors in the kernel's OSS (Open Sound System) driver for Yamaha FM synthesizer chips. A local user can exploit this to cause memory corruption, causing a denial of service or privilege escalation. (CVE-2011-1477) It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495) Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598, CVE-2011-1748) Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022) Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746) Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771) Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) It was discovered that an mmap() call with the MAP_PRIVATE flag on '/dev/zero' was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2479) Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496) The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. (CVE-2011-2498) A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363) Dan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by amateur radio. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4913). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1167-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/22"); script_set_attribute(attribute:"patch_publication_date", value:"2011/07/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2011-2020 Canonical, Inc. / NASL script (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2010-3859", "CVE-2010-3874", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-3877", "CVE-2010-3880", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4163", "CVE-2010-4164", "CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4175", "CVE-2010-4243", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4250", "CVE-2010-4256", "CVE-2010-4258", "CVE-2010-4342", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4529", "CVE-2010-4565", "CVE-2010-4649", "CVE-2010-4668", "CVE-2011-0463", "CVE-2011-0521", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0712", "CVE-2011-0726", "CVE-2011-0999", "CVE-2011-1010", "CVE-2011-1012", "CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1017", "CVE-2011-1019", "CVE-2011-1044", "CVE-2011-1076", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1082", "CVE-2011-1083", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-1180", "CVE-2011-1182", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1479", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1747", "CVE-2011-1748", "CVE-2011-1759", "CVE-2011-1770", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1927", "CVE-2011-2022", "CVE-2011-2479", "CVE-2011-2496", "CVE-2011-2498", "CVE-2011-2534", "CVE-2011-3359", "CVE-2011-3363", "CVE-2011-4913"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1167-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-10-generic", pkgver:"2.6.38-10.46")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-10-generic-pae", pkgver:"2.6.38-10.46")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-10-server", pkgver:"2.6.38-10.46")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-10-versatile", pkgver:"2.6.38-10.46")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-10-virtual", pkgver:"2.6.38-10.46")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_4_KERNEL-110726.NASL description The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues. Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. CVE-2011-2022: The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. CVE-2011-1745: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. CVE-2011-2493: A denial of service on mounting invalid ext4 filesystems was fixed. CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. CVE-2011-2498: Also account PTE pages when calculating OOM scoring, which could have lead to a denial of service. CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system. CVE-2011-1927: A missing route validation issue in ip_expire() could be used by remote attackers to trigger a NULL ptr dereference, crashing parts of the kernel. CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. last seen 2020-06-01 modified 2020-06-02 plugin id 75880 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75880 title openSUSE Security Update : kernel (openSUSE-SU-2011:0860-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update kernel-4932. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75880); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1479", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1927", "CVE-2011-2022", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2493", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2498"); script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2011:0860-1)"); script_summary(english:"Check for the kernel-4932 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues. Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. CVE-2011-2022: The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. CVE-2011-1745: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. CVE-2011-2493: A denial of service on mounting invalid ext4 filesystems was fixed. CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. CVE-2011-2498: Also account PTE pages when calculating OOM scoring, which could have lead to a denial of service. CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system. CVE-2011-1927: A missing route validation issue in ip_expire() could be used by remote attackers to trigger a NULL ptr dereference, crashing parts of the kernel. CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=584493" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=595586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=655693" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=661979" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=666423" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=669889" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=672008" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=674648" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=674982" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=677827" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=679545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=681826" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=681840" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=687368" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688432" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=689583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=689797" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=692497" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=692502" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=693013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=693043" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=693374" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=693382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=694498" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=697859" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=698221" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=698247" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=699123" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=701998" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=702013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=702285" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=702579" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=703155" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=704788" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-08/msg00002.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/07/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-extra-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-extra-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-source-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-source-vanilla-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-syms-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-base-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-base-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-debugsource-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-devel-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-devel-debuginfo-2.6.37.6-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"preload-kmp-default-1.2_k2.6.37.6_0.7-6.7.12") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"preload-kmp-default-debuginfo-1.2_k2.6.37.6_0.7-6.7.12") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"preload-kmp-desktop-1.2_k2.6.37.6_0.7-6.7.12") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"preload-kmp-desktop-debuginfo-1.2_k2.6.37.6_0.7-6.7.12") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1256-1.NASL description It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771) Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Ben Hutchings reported a flaw in the kernel last seen 2020-06-01 modified 2020-06-02 plugin id 56768 published 2011-11-10 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56768 title Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1256-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(56768); script_version("1.18"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2010-4250", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2182", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2479", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3619", "CVE-2011-3637", "CVE-2011-4087", "CVE-2011-4326", "CVE-2011-4914"); script_bugtraq_id(46567, 46616, 46793, 46866, 46935, 46980, 47056, 47296, 47308, 47321, 47343, 47381, 47768, 47796, 47852, 47853, 47926, 48101, 48333, 48347, 48383, 48441, 48472, 48538, 48641, 48677, 48697, 48802, 48804, 48907, 48929, 49108, 49140, 49141, 49408, 49411, 50314); script_xref(name:"USN", value:"1256-1"); script_name(english:"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771) Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182) Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213) It was discovered that an mmap() call with the MAP_PRIVATE flag on '/dev/zero' was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2479) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493) Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496) Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497) Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525) It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700) Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928) Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191) Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363) A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system. (CVE-2011-3619) A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Scot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087) A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1256-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/28"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2010-4250", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2182", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2479", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3619", "CVE-2011-3637", "CVE-2011-4087", "CVE-2011-4326", "CVE-2011-4914"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1256-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-12-generic", pkgver:"2.6.38-12.51~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-12-generic-pae", pkgver:"2.6.38-12.51~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-12-server", pkgver:"2.6.38-12.51~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-12-virtual", pkgver:"2.6.38-12.51~lucid1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1242-1.NASL description It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56641 published 2011-10-26 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56641 title Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1242-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1242-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(56641); script_version("1.10"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2010-4250", "CVE-2011-1479", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2695", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-3188", "CVE-2011-3363"); script_bugtraq_id(47296); script_xref(name:"USN", value:"1242-1"); script_name(english:"Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1242-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1242-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/28"); script_set_attribute(attribute:"patch_publication_date", value:"2011/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2010-4250", "CVE-2011-1479", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2695", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-3188", "CVE-2011-3363"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1242-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.35-30-generic", pkgver:"2.6.35-30.61~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.35-30-generic-pae", pkgver:"2.6.35-30.61~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.35-30-server", pkgver:"2.6.35-30.61~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.35-30-virtual", pkgver:"2.6.35-30.61~lucid1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1253.NASL description Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Security fixes : * A flaw in the SCTP and DCCP implementations could allow a remote attacker to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important) * Flaws in the Management Module Support for Message Passing Technology (MPT) based controllers could allow a local, unprivileged user to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important) * Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important) * A flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important) * A flaw in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges. (CVE-2011-2497, Important) * Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important) * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * A local, unprivileged user could allocate large amounts of memory not visible to the OOM killer, causing a denial of service. (CVE-2010-4243, Moderate) * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * A local, privileged user could possibly write arbitrary kernel memory via /sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate) * Inconsistency in the methods for allocating and freeing NFSv4 ACL data; CVE-2010-4250 fix caused a regression; a flaw in next_pidmap() and inet_diag_bc_audit(); flaws in the CAN implementation; a race condition in the memory merging support; a flaw in the taskstats subsystem; and the way mapping expansions were handled could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593, CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484, CVE-2011-2496, Moderate) * A flaw in GRO could result in a denial of service when a malformed VLAN frame is received. (CVE-2011-1478, Moderate) * napi_reuse_skb() could be called on VLAN packets allowing an attacker on the local network to possibly trigger a denial of service. (CVE-2011-1576, Moderate) * A denial of service could occur if packets were received while the ipip or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate) * Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low) * Flaws in the EFI GUID Partition Table implementation could allow a local attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low) * While a user has a CIFS share mounted that required successful authentication, a local, unprivileged user could mount that share without knowing the correct password if mount.cifs was setuid root. (CVE-2011-1585, Low) Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770, CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213; Vasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495; Vasily Averin for reporting CVE-2011-2491; Brad Spengler for reporting CVE-2010-4243; Kees Cook for reporting CVE-2011-1020; Robert Swiecki for reporting CVE-2011-1593 and CVE-2011-2496; Oliver Hartkopp for reporting CVE-2011-1748; Andrea Righi for reporting CVE-2011-2183; Ryan Sweat for reporting CVE-2011-1478 and CVE-2011-1576; Peter Huewe for reporting CVE-2011-1160; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776. last seen 2020-06-01 modified 2020-06-02 plugin id 76634 published 2014-07-22 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76634 title RHEL 6 : MRG (RHSA-2011:1253) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:1253. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(76634); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:16"); script_cve_id("CVE-2010-4243", "CVE-2010-4526", "CVE-2011-1020", "CVE-2011-1021", "CVE-2011-1090", "CVE-2011-1160", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1748", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1770", "CVE-2011-1776", "CVE-2011-2022", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695"); script_bugtraq_id(45004, 45661, 46567, 46766, 46866, 47056, 47185, 47296, 47321, 47343, 47381, 47497, 47503, 47534, 47535, 47769, 47796, 47835, 47843, 47852, 47853, 48333, 48383, 48441, 48472, 48538, 48697, 48907, 49141, 49408); script_xref(name:"RHSA", value:"2011:1253"); script_name(english:"RHEL 6 : MRG (RHSA-2011:1253)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Security fixes : * A flaw in the SCTP and DCCP implementations could allow a remote attacker to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important) * Flaws in the Management Module Support for Message Passing Technology (MPT) based controllers could allow a local, unprivileged user to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important) * Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important) * A flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important) * A flaw in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges. (CVE-2011-2497, Important) * Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important) * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * A local, unprivileged user could allocate large amounts of memory not visible to the OOM killer, causing a denial of service. (CVE-2010-4243, Moderate) * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * A local, privileged user could possibly write arbitrary kernel memory via /sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate) * Inconsistency in the methods for allocating and freeing NFSv4 ACL data; CVE-2010-4250 fix caused a regression; a flaw in next_pidmap() and inet_diag_bc_audit(); flaws in the CAN implementation; a race condition in the memory merging support; a flaw in the taskstats subsystem; and the way mapping expansions were handled could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593, CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484, CVE-2011-2496, Moderate) * A flaw in GRO could result in a denial of service when a malformed VLAN frame is received. (CVE-2011-1478, Moderate) * napi_reuse_skb() could be called on VLAN packets allowing an attacker on the local network to possibly trigger a denial of service. (CVE-2011-1576, Moderate) * A denial of service could occur if packets were received while the ipip or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate) * Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low) * Flaws in the EFI GUID Partition Table implementation could allow a local attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low) * While a user has a CIFS share mounted that required successful authentication, a local, unprivileged user could mount that share without knowing the correct password if mount.cifs was setuid root. (CVE-2011-1585, Low) Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770, CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213; Vasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495; Vasily Averin for reporting CVE-2011-2491; Brad Spengler for reporting CVE-2010-4243; Kees Cook for reporting CVE-2011-1020; Robert Swiecki for reporting CVE-2011-1593 and CVE-2011-2496; Oliver Hartkopp for reporting CVE-2011-1748; Andrea Righi for reporting CVE-2011-2183; Ryan Sweat for reporting CVE-2011-1478 and CVE-2011-1576; Peter Huewe for reporting CVE-2011-1160; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-4243" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-4526" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1020" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1021" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1090" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1160" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1478" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1479" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1494" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1495" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1576" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1577" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1585" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1593" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1598" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1745" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1746" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1748" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1767" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1768" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1770" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1776" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2022" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2183" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2213" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2484" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2491" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2492" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2495" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2496" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2497" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2517" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2695" ); # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5464fa08" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2011:1253" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2011/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2010-4243", "CVE-2010-4526", "CVE-2011-1020", "CVE-2011-1021", "CVE-2011-1090", "CVE-2011-1160", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1748", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1770", "CVE-2011-1776", "CVE-2011-2022", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2011:1253"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2011:1253"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG"); if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", reference:"kernel-rt-doc-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.75.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-2.6.33.9-rt31.75.el6rt")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_11_3_KERNEL-110726.NASL description The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system. CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. CVE-2011-1585: When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. CVE-2011-1160: Kernel information via the TPM devices could by used by local attackers to read kernel memory. CVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. CVE-2011-1180: In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory. CVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. CVE-2011-1013: A signedness issue in the drm ioctl handling could be used by local attackers to potentially overflow kernel buffers and execute code. last seen 2020-06-01 modified 2020-06-02 plugin id 75555 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75555 title openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update kernel-4931. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75555); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:41"); script_cve_id("CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1479", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2496"); script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)"); script_summary(english:"Check for the kernel-4931 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system. CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. CVE-2011-1585: When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. CVE-2011-1160: Kernel information via the TPM devices could by used by local attackers to read kernel memory. CVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. CVE-2011-1180: In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory. CVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. CVE-2011-1013: A signedness issue in the drm ioctl handling could be used by local attackers to potentially overflow kernel buffers and execute code." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=584493" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=595586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=642142" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=655693" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=669889" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=669937" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=670860" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=670868" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=673934" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=674648" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=674691" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=674693" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=674982" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=676419" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=677827" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=679898" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=680040" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=681497" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=683282" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=687113" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688432" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=689414" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=692459" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=692502" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=693374" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=693382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=698221" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=698247" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=702013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=702285" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=703153" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=703155" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-08/msg00003.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2011/07/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"kernel-debug-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-debug-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-debug-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-default-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-default-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-default-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-desktop-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-desktop-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-desktop-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-ec2-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-ec2-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-ec2-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-ec2-extra-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-pae-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-pae-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-pae-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-source-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-source-vanilla-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-syms-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-trace-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-trace-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-trace-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-vanilla-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-vanilla-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-vanilla-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-vmi-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-vmi-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-vmi-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-xen-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-xen-base-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"kernel-xen-devel-2.6.34.10-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"preload-kmp-default-1.1_k2.6.34.10_0.2-19.1.24") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"preload-kmp-desktop-1.1_k2.6.34.10_0.2-19.1.24") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1243-1.NASL description It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56642 published 2011-10-26 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56642 title Ubuntu 10.10 : linux vulnerabilities (USN-1243-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1243-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(56642); script_version("1.10"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2010-4250", "CVE-2011-1479", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2695", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-3188", "CVE-2011-3363"); script_bugtraq_id(47296); script_xref(name:"USN", value:"1243-1"); script_name(english:"Ubuntu 10.10 : linux vulnerabilities (USN-1243-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1243-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/28"); script_set_attribute(attribute:"patch_publication_date", value:"2011/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2010-4250", "CVE-2011-1479", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2695", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-3188", "CVE-2011-3363"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1243-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-30-generic", pkgver:"2.6.35-30.61")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-30-generic-pae", pkgver:"2.6.35-30.61")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-30-server", pkgver:"2.6.35-30.61")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-30-versatile", pkgver:"2.6.35-30.61")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-30-virtual", pkgver:"2.6.35-30.61")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc"); }
Redhat
rpms |
|
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 47296 CVE ID:CVE-2011-1479 Linux是一款开放源代码的操作系统。 "inotify_init1()"系统调用实现存在一个两次释放错误,本地攻击者可以利用漏洞使内核崩溃。 Linux kernel 2.6.37 Linux kernel 2.6.36 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.34 Linux kernel 2.6.34 Linux kernel 2.6.33 .1 Linux kernel 2.6.33 Linux kernel 2.6.32 .9 Linux kernel 2.6.32 Linux kernel 2.6.31 5 Linux kernel 2.6.31 13 Linux kernel 2.6.31 .2 Linux kernel 2.6.31 .11 Linux kernel 2.6.31 -rc7 Linux kernel 2.6.31 -rc6 Linux kernel 2.6.31 -rc3 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.31 -rc1 Linux kernel 2.6.31 Linux kernel 2.6.30 .10 Linux kernel 2.6.30 .1 Linux kernel 2.6.30 -rc6 Linux kernel 2.6.30 -rc5 Linux kernel 2.6.30 -rc3 Linux kernel 2.6.30 -rc2 Linux kernel 2.6.30 -rc1 Linux kernel 2.6.30 Linux kernel 2.6.29 .4 Linux kernel 2.6.29 .1 Linux kernel 2.6.29 -git8 Linux kernel 2.6.29 -git14 Linux kernel 2.6.29 -git1 Linux kernel 2.6.29 Linux kernel 2.6.28 .9 Linux kernel 2.6.28 .8 Linux kernel 2.6.28 .6 Linux kernel 2.6.28 .5 Linux kernel 2.6.28 .3 Linux kernel 2.6.28 .2 Linux kernel 2.6.28 .1 Linux kernel 2.6.28 -rc7 Linux kernel 2.6.28 -rc5 Linux kernel 2.6.28 -rc1 Linux kernel 2.6.28 -git7 Linux kernel 2.6.28 Linux kernel 2.6.27 6 Linux kernel 2.6.27 3 Linux kernel 2.6.27 12 Linux kernel 2.6.27 .8 Linux kernel 2.6.27 .5 Linux kernel 2.6.27 .5 Linux kernel 2.6.27 .46 Linux kernel 2.6.27 .24 Linux kernel 2.6.27 .14 Linux kernel 2.6.27 .13 Linux kernel 2.6.27 .12 Linux kernel 2.6.27 -rc8-git5 Linux kernel 2.6.27 -rc8 Linux kernel 2.6.27 -rc6-git6 Linux kernel 2.6.27 -rc6 Linux kernel 2.6.27 -rc5 Linux kernel 2.6.27 -rc4 Linux kernel 2.6.27 -rc2 Linux kernel 2.6.27 -rc1 Linux kernel 2.6.27 Linux kernel 2.6.26 7 Linux kernel 2.6.26 .6 Linux kernel 2.6.26 .4 Linux kernel 2.6.26 .3 Linux kernel 2.6.26 -rc6 Linux kernel 2.6.26 Linux kernel 2.6.25 19 Linux kernel 2.6.25 .9 Linux kernel 2.6.25 .8 Linux kernel 2.6.25 .7 Linux kernel 2.6.25 .6 Linux kernel 2.6.25 .5 Linux kernel 2.6.25 .15 Linux kernel 2.6.25 .13 Linux kernel 2.6.25 .12 Linux kernel 2.6.25 .11 Linux kernel 2.6.25 .10 Linux kernel 2.6.25 Linux kernel 2.6.24 .2 Linux kernel 2.6.24 .1 Linux kernel 2.6.24 -rc5 Linux kernel 2.6.24 -rc4 Linux kernel 2.6.24 -rc3 Linux kernel 2.6.24 -git13 Linux kernel 2.6.24 Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .3 Linux kernel 2.6.23 .3 Linux kernel 2.6.23 .2 Linux kernel 2.6.23 .2 Linux kernel 2.6.23 -rc2 Linux kernel 2.6.23 -rc1 Linux kernel 2.6.23 Linux kernel 2.6.23 Linux kernel 2.6.22 rc6 Linux kernel 2.6.22 .8 Linux kernel 2.6.22 .7 Linux kernel 2.6.22 .7 Linux kernel 2.6.22 .6 Linux kernel 2.6.22 .6 Linux kernel 2.6.22 .5 Linux kernel 2.6.22 .5 Linux kernel 2.6.22 .4 Linux kernel 2.6.22 .4 Linux kernel 2.6.22 .3 Linux kernel 2.6.22 .3 Linux kernel 2.6.22 .2 Linux kernel 2.6.22 .17 Linux kernel 2.6.22 .16 Linux kernel 2.6.22 .15 Linux kernel 2.6.22 .14 Linux kernel 2.6.22 .13 Linux kernel 2.6.22 .12 Linux kernel 2.6.22 .11 Linux kernel 2.6.22 .1 Linux kernel 2.6.22 Linux kernel 2.6.22 Linux kernel 2.6.21 rc7 Linux kernel 2.6.21 git5 Linux kernel 2.6.21 git4 Linux kernel 2.6.21 git3 Linux kernel 2.6.21 git2 Linux kernel 2.6.21 git1 Linux kernel 2.6.21 git 7 Linux kernel 2.6.21 git 6 Linux kernel 2.6.21 4 Linux kernel 2.6.21 .7 Linux kernel 2.6.21 .6 Linux kernel 2.6.21 .3 Linux kernel 2.6.21 .2 Linux kernel 2.6.21 .1 Linux kernel 2.6.21 -git8 Linux kernel 2.6.21 Linux kernel 2.6.20 .9 Linux kernel 2.6.20 .8 Linux kernel 2.6.20 .7 Linux kernel 2.6.20 .6 Linux kernel 2.6.20 .5 Linux kernel 2.6.20 .4 Linux kernel 2.6.20 .15 Linux kernel 2.6.20 .14 Linux kernel 2.6.20 .12 Linux kernel 2.6.20 .10 Linux kernel 2.6.20 .1 Linux kernel 2.6.20 -git5 Linux kernel 2.6.20 Linux kernel 2.6.19 .4 Linux kernel 2.6.19 .3 Linux kernel 2.6.19 .2 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 -rc4 Linux kernel 2.6.19 -rc3 Linux kernel 2.6.19 -rc2 Linux kernel 2.6.19 -rc1 Linux kernel 2.6.19 Linux kernel 2.6.18 rc7 Linux kernel 2.6.18 rc6 Linux kernel 2.6.18 rc5 Linux kernel 2.6.18 rc4 Linux kernel 2.6.18 rc3 Linux kernel 2.6.18 rc2 Linux kernel 2.6.18 rc1 Linux kernel 2.6.18 .8 Linux kernel 2.6.18 .7 Linux kernel 2.6.18 .6 Linux kernel 2.6.18 .5 Linux kernel 2.6.18 .4 Linux kernel 2.6.18 .4 Linux kernel 2.6.18 .3 Linux kernel 2.6.18 .3 Linux kernel 2.6.18 .2 Linux kernel 2.6.18 .1 Linux kernel 2.6.17 rc6 Linux kernel 2.6.17 rc4 Linux kernel 2.6.17 rc3 Linux kernel 2.6.17 rc2 Linux kernel 2.6.17 rc1 Linux kernel 2.6.17 .9 Linux kernel 2.6.17 .9 Linux kernel 2.6.17 .8 Linux kernel 2.6.17 .8 Linux kernel 2.6.17 .7 Linux kernel 2.6.17 .7 Linux kernel 2.6.17 .6 Linux kernel 2.6.17 .6 Linux kernel 2.6.17 .5 Linux kernel 2.6.17 .5 Linux kernel 2.6.17 .4 Linux kernel 2.6.17 .4 Linux kernel 2.6.17 .3 Linux kernel 2.6.17 .3 Linux kernel 2.6.17 .2 Linux kernel 2.6.17 .2 Linux kernel 2.6.17 .14 Linux kernel 2.6.17 .14 Linux kernel 2.6.17 .13 Linux kernel 2.6.17 .13 Linux kernel 2.6.17 .12 Linux kernel 2.6.17 .12 Linux kernel 2.6.17 .11 Linux kernel 2.6.17 .11 Linux kernel 2.6.17 .10 Linux kernel 2.6.17 .10 Linux kernel 2.6.17 .1 Linux kernel 2.6.17 .1 Linux kernel 2.6.17 -rc5 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.16 rc6 Linux kernel 2.6.16 rc5 Linux kernel 2.6.16 rc4 Linux kernel 2.6.16 rc3 Linux kernel 2.6.16 rc2 Linux kernel 2.6.16 27 Linux kernel 2.6.16 13 Linux kernel 2.6.16 .9 Linux kernel 2.6.16 .8 Linux kernel 2.6.16 .8 Linux kernel 2.6.16 .7 Linux kernel 2.6.16 .6 Linux kernel 2.6.16 .53 Linux kernel 2.6.16 .52 Linux kernel 2.6.16 .51 Linux kernel 2.6.16 .50 Linux kernel 2.6.16 .5 Linux kernel 2.6.16 .5 Linux kernel 2.6.16 .49 Linux kernel 2.6.16 .48 Linux kernel 2.6.16 .47 Linux kernel 2.6.16 .46 Linux kernel 2.6.16 .45 Linux kernel 2.6.16 .44 Linux kernel 2.6.16 .43 Linux kernel 2.6.16 .41 Linux kernel 2.6.16 .40 Linux kernel 2.6.16 .4 Linux kernel 2.6.16 .4 Linux kernel 2.6.16 .39 Linux kernel 2.6.16 .38 Linux kernel 2.6.16 .37 Linux kernel 2.6.16 .36 Linux kernel 2.6.16 .35 Linux kernel 2.6.16 .34 Linux kernel 2.6.16 .33 Linux kernel 2.6.16 .32 Linux kernel 2.6.16 .31 Linux kernel 2.6.16 .30 Linux kernel 2.6.16 .3 Linux kernel 2.6.16 .3 Linux kernel 2.6.16 .29 Linux kernel 2.6.16 .28 Linux kernel 2.6.16 .27 Linux kernel 2.6.16 .26 Linux kernel 2.6.16 .25 Linux kernel 2.6.16 .24 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .22 Linux kernel 2.6.16 .21 Linux kernel 2.6.16 .21 Linux kernel 2.6.16 .20 Linux kernel 2.6.16 .2 Linux kernel 2.6.16 .2 Linux kernel 2.6.16 .19 Linux kernel 2.6.16 .18 Linux kernel 2.6.16 .18 Linux kernel 2.6.16 .17 Linux kernel 2.6.16 .17 Linux kernel 2.6.16 .16 Linux kernel 2.6.16 .16 Linux kernel 2.6.16 .15 Linux kernel 2.6.16 .14 Linux kernel 2.6.16 .12 Linux kernel 2.6.16 .11 Linux kernel 2.6.16 .10 Linux kernel 2.6.16 .1 Linux kernel 2.6.16 -rc1 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.15 rc7 Linux kernel 2.6.15 .7 Linux kernel 2.6.15 .6 Linux kernel 2.6.15 .6 Linux kernel 2.6.15 .4 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc6 Linux kernel 2.6.15 -rc5 Linux kernel 2.6.15 -rc4 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.14 .7 Linux kernel 2.6.14 .6 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .3 Linux kernel 2.6.14 .2 Linux kernel 2.6.14 .1 Linux kernel 2.6.14 -rc5 Linux kernel 2.6.14 -rc4 Linux kernel 2.6.14 -rc3 Linux kernel 2.6.14 -rc2 Linux kernel 2.6.14 -rc1 Linux kernel 2.6.14 Linux kernel 2.6.14 Linux kernel 2.6.13 rc5 Linux kernel 2.6.13 rc3 Linux kernel 2.6.13 rc2 Linux kernel 2.6.13 .5 Linux kernel 2.6.13 .4 Linux kernel 2.6.13 .3 Linux kernel 2.6.13 .2 Linux kernel 2.6.13 .1 Linux kernel 2.6.13 -rc7 Linux kernel 2.6.13 -rc6 Linux kernel 2.6.13 -rc4 Linux kernel 2.6.13 -rc1 Linux kernel 2.6.13 Linux kernel 2.6.13 Linux kernel 2.6.12 rc6 Linux kernel 2.6.12 rc3 Linux kernel 2.6.12 rc2 Linux kernel 2.6.12 .6 Linux kernel 2.6.12 .5 Linux kernel 2.6.12 .4 Linux kernel 2.6.12 .3 Linux kernel 2.6.12 .22 Linux kernel 2.6.12 .2 Linux kernel 2.6.12 .12 Linux kernel 2.6.12 .1 Linux kernel 2.6.12 -rc5 Linux kernel 2.6.12 -rc4 Linux kernel 2.6.12 -rc1 Linux kernel 2.6.12 Linux kernel 2.6.12 Linux kernel 2.6.11 rc5 Linux kernel 2.6.11 rc1 Linux kernel 2.6.11 .9 Linux kernel 2.6.11 .8 Linux kernel 2.6.11 .7 Linux kernel 2.6.11 .6 Linux kernel 2.6.11 .5 Linux kernel 2.6.11 .4 Linux kernel 2.6.11 .3 Linux kernel 2.6.11 .2 Linux kernel 2.6.11 .12 Linux kernel 2.6.11 .11 Linux kernel 2.6.11 .10 Linux kernel 2.6.11 .1 Linux kernel 2.6.11 -rc4 Linux kernel 2.6.11 -rc3 Linux kernel 2.6.11 -rc2 Linux kernel 2.6.11 Linux kernel 2.6.11 Linux kernel 2.6.10 rc3 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 rc1 Linux kernel 2.6.10 Linux kernel 2.6.10 Linux kernel 2.6.9 rc4 Linux kernel 2.6.9 rc3 Linux kernel 2.6.9 rc2 Linux kernel 2.6.9 rc1 Linux kernel 2.6.9 final Linux kernel 2.6.9 Linux kernel 2.6.9 Linux kernel 2.6.8 rc4 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.8 Linux kernel 2.6.8 Linux kernel 2.6.7 rc3 Linux kernel 2.6.7 rc2 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.7 Linux kernel 2.6.6 rc3 Linux kernel 2.6.6 rc2 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.6 Linux kernel 2.6.5 rc3 Linux kernel 2.6.5 rc2 Linux kernel 2.6.5 rc1 Linux kernel 2.6.5 Linux kernel 2.6.5 Linux kernel 2.6.4 rc3 Linux kernel 2.6.4 rc2 Linux kernel 2.6.4 rc1 Linux kernel 2.6.4 Linux kernel 2.6.4 Linux kernel 2.6.3 rc4 Linux kernel 2.6.3 rc3 Linux kernel 2.6.3 rc2 Linux kernel 2.6.3 rc1 Linux kernel 2.6.3 Linux kernel 2.6.3 Linux kernel 2.6.2 rc3 Linux kernel 2.6.2 rc2 Linux kernel 2.6.2 rc1 Linux kernel 2.6.2 Linux kernel 2.6.2 Linux kernel 2.6.1 rc3 Linux kernel 2.6.1 0 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6 -test9-CVS Linux kernel 2.6 -test9 Linux kernel 2.6 -test8 Linux kernel 2.6 -test7 Linux kernel 2.6 -test6 Linux kernel 2.6 -test5 Linux kernel 2.6 -test4 Linux kernel 2.6 -test3 Linux kernel 2.6 -test2 Linux kernel 2.6 -test11 Linux kernel 2.6 -test10 Linux kernel 2.6 -test1 Linux kernel 2.6 Linux kernel 2.6.8.1 Linux kernel 2.6.8.1 Linux kernel 2.6.36-rc8 Linux kernel 2.6.36-rc6 Linux kernel 2.6.36-rc5 Linux kernel 2.6.36-rc4 Linux kernel 2.6.36-rc1 Linux kernel 2.6.35.5 Linux kernel 2.6.35.4 Linux kernel 2.6.35.1 Linux kernel 2.6.35.1 Linux kernel 2.6.35-rc6 Linux kernel 2.6.35-rc5-git5 Linux kernel 2.6.35-rc5 Linux kernel 2.6.35-rc4 Linux kernel 2.6.35-rc1 Linux kernel 2.6.34.3 Linux kernel 2.6.34.2 Linux kernel 2.6.34.1 Linux kernel 2.6.34-rc6 Linux kernel 2.6.34-rc5 Linux kernel 2.6.34-rc4 Linux kernel 2.6.34-rc2-git1 Linux kernel 2.6.34-rc2 Linux kernel 2.6.34-rc1 Linux kernel 2.6.33.7 Linux kernel 2.6.33-rc8 Linux kernel 2.6.33-rc7 Linux kernel 2.6.33-rc7 Linux kernel 2.6.33-rc6-git5 Linux kernel 2.6.33-rc6 Linux kernel 2.6.33-rc5 Linux kernel 2.6.33-rc4 Linux kernel 2.6.32.8 Linux kernel 2.6.32.7 Linux kernel 2.6.32.6 Linux kernel 2.6.32.5 Linux kernel 2.6.32.4 Linux kernel 2.6.32.3 Linux kernel 2.6.32.22 Linux kernel 2.6.32.2 Linux kernel 2.6.32.18 Linux kernel 2.6.32.17 Linux kernel 2.6.32.16 Linux kernel 2.6.32.15 Linux kernel 2.6.32.14 Linux kernel 2.6.32.13 Linux kernel 2.6.32.12 Linux kernel 2.6.32.11 Linux kernel 2.6.32.10 Linux kernel 2.6.32.1 Linux kernel 2.6.32-rc8 Linux kernel 2.6.32-rc7 Linux kernel 2.6.32-rc5 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.32-rc4 Linux kernel 2.6.32-rc3 Linux kernel 2.6.32-rc2 Linux kernel 2.6.32-rc1 Linux kernel 2.6.31.6 Linux kernel 2.6.31.4 Linux kernel 2.6.31.1 Linux kernel 2.6.31-rc9 Linux kernel 2.6.31-rc8 Linux kernel 2.6.31-rc5-git3 Linux kernel 2.6.31-rc4 Linux kernel 2.6.31-rc2 Linux kernel 2.6.31-git11 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.30.5 Linux kernel 2.6.30.4 Linux kernel 2.6.30.3 Linux kernel 2.6.29-rc2-git1 Linux kernel 2.6.29-rc2 Linux kernel 2.6.29-rc1 Linux kernel 2.6.28.4 Linux kernel 2.6.28.10 Linux kernel 2.6.28-rc7 Linux kernel 2.6.28-rc6 Linux kernel 2.6.28-rc5 Linux kernel 2.6.28-rc5 Linux kernel 2.6.28-rc4 Linux kernel 2.6.27.54 Linux kernel 2.6.27.51 Linux kernel 2.6.27.49 Linux kernel 2.6.27.26 Linux kernel 2.6.27-git3 Linux kernel 2.6.26.1 Linux kernel 2.6.26-rc5-git1 Linux kernel 2.6.25.4 Linux kernel 2.6.25.3 Linux kernel 2.6.25.2 Linux kernel 2.6.25.1 Linux kernel 2.6.25-rc1 Linux kernel 2.6.24.6 Linux kernel 2.6.24.4 Linux kernel 2.6.24.3 Linux kernel 2.6.24-rc2 Linux kernel 2.6.24-rc1 Linux kernel 2.6.24 Rc3 Linux kernel 2.6.24 Rc2 Linux kernel 2.6.23.14 Linux kernel 2.6.23.10 Linux kernel 2.6.23.1 Linux kernel 2.6.23.1 Linux kernel 2.6.23.09 Linux kernel 2.6.23 Rc2 Linux kernel 2.6.22-rc7 Linux kernel 2.6.22-rc1 Linux kernel 2.6.21-RC6 Linux kernel 2.6.21-RC5 Linux kernel 2.6.21-RC4 Linux kernel 2.6.21-RC3 Linux kernel 2.6.20.3 Linux kernel 2.6.20.2 Linux kernel 2.6.20.13 Linux kernel 2.6.20.11 Linux kernel 2.6.20-rc2 Linux kernel 2.6.20-2 Linux kernel 2.6.19 -rc6 Linux kernel 2.6.18.1 Linux kernel 2.6.18-8.1.8.el5 Linux kernel 2.6.18-53 Linux kernel 2.6.18 Linux kernel 2.6.16.9 Linux kernel 2.6.16.7 Linux kernel 2.6.16.19 Linux kernel 2.6.16.13 Linux kernel 2.6.16.12 Linux kernel 2.6.16.11 Linux kernel 2.6.15.5 Linux kernel 2.6.15.5 Linux kernel 2.6.15.4 Linux kernel 2.6.15.11 Linux kernel 2.6.15-27.48 Linux kernel 2.6.14.3 Linux kernel 2.6.14.2 Linux kernel 2.6.14.1 Linux kernel 2.6.13.4 Linux kernel 2.6.13.3 Linux kernel 2.6.13.2 Linux kernel 2.6.13.1 Linux kernel 2.6.12.6 Linux kernel 2.6.12.5 Linux kernel 2.6.12.4 Linux kernel 2.6.12.3 Linux kernel 2.6.12.2 Linux kernel 2.6.12.1 Linux kernel 2.6.11.8 Linux kernel 2.6.11.7 Linux kernel 2.6.11.6 Linux kernel 2.6.11.5 Linux kernel 2.6.11.4 Linux kernel 2.6.11.12 Linux kernel 2.6.11.11 Linux kernel 2.6.0 厂商解决方案 Linux kernel 2.6.39-rc2已经修复此漏洞,建议用户下载使用: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d0de4dc584ec6aa3b26fffea320a8457827768fc |
id | SSV:20471 |
last seen | 2017-11-19 |
modified | 2011-04-13 |
published | 2011-04-13 |
reporter | Root |
title | Linux Kernel 'inotify_init1()'两次释放本地拒绝服务漏洞 |
References
- http://www.openwall.com/lists/oss-security/2011/04/11/1
- https://bugzilla.redhat.com/show_bug.cgi?id=691793
- https://github.com/torvalds/linux/commit/d0de4dc584ec6aa3b26fffea320a8457827768fc
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d0de4dc584ec6aa3b26fffea320a8457827768fc