Vulnerabilities > CVE-2011-3353 - Classic Buffer Overflow vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2389.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-2183 Andrea Righi reported an issue in KSM, a memory-saving de-duplication feature. By exploiting a race with exiting tasks, local users can cause a kernel oops, resulting in a denial of service. - CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. - CVE-2011-2898 Eric Dumazet reported an information leak in the raw packet socket implementation. - CVE-2011-3353 Han-Wen Nienhuys reported a local denial of service issue in the FUSE (Filesystem in Userspace) support in the Linux kernel. Local users could cause a buffer overflow, leading to a kernel oops and resulting in a denial of service. - CVE-2011-4077 Carlos Maiolino reported an issue in the XFS filesystem. A local user with the ability to mount a filesystem could corrupt memory resulting in a denial of service or possibly gain elevated privileges. - CVE-2011-4110 David Howells reported an issue in the kernel last seen 2020-03-17 modified 2012-01-18 plugin id 57583 published 2012-01-18 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57583 title Debian DSA-2389-1 : linux-2.6 - privilege escalation/denial of service/information leak code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2389. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(57583); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2898", "CVE-2011-3353", "CVE-2011-4077", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4611", "CVE-2011-4622", "CVE-2011-4914"); script_bugtraq_id(46935, 48101, 48333, 48986, 49527, 50370, 50755, 51081, 51172, 51176); script_xref(name:"DSA", value:"2389"); script_name(english:"Debian DSA-2389-1 : linux-2.6 - privilege escalation/denial of service/information leak"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-2183 Andrea Righi reported an issue in KSM, a memory-saving de-duplication feature. By exploiting a race with exiting tasks, local users can cause a kernel oops, resulting in a denial of service. - CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. - CVE-2011-2898 Eric Dumazet reported an information leak in the raw packet socket implementation. - CVE-2011-3353 Han-Wen Nienhuys reported a local denial of service issue in the FUSE (Filesystem in Userspace) support in the Linux kernel. Local users could cause a buffer overflow, leading to a kernel oops and resulting in a denial of service. - CVE-2011-4077 Carlos Maiolino reported an issue in the XFS filesystem. A local user with the ability to mount a filesystem could corrupt memory resulting in a denial of service or possibly gain elevated privileges. - CVE-2011-4110 David Howells reported an issue in the kernel's access key retention system which allow local users to cause a kernel oops leading to a denial of service. - CVE-2011-4127 Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough support for SCSI devices. Users with permission to access restricted portions of a device (e.g. a partition or a logical volume) can obtain access to the entire device by way of the SG_IO ioctl. This could be exploited by a local user or privileged VM guest to achieve a privilege escalation. - CVE-2011-4611 Maynard Johnson reported an issue with the perf support on POWER7 systems that allows local users to cause a denial of service. - CVE-2011-4622 Jan Kiszka reported an issue in the KVM PIT timer support. Local users with the permission to use KVM can cause a denial of service by starting a PIT timer without first setting up the irqchip. - CVE-2011-4914 Ben Hutchings reported various bounds checking issues within the ROSE protocol support in the kernel. Remote users could possibly use this to gain access to sensitive memory or cause a denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-2183" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-2213" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-2898" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3353" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4077" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4110" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4127" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4611" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4622" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4914" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/linux-2.6" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2389" ); script_set_attribute( attribute:"solution", value: "Upgrade the linux-2.6 and user-mode-linux packages. For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution (lenny) will be available soon. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update : Debian 6.0 (squeeze) user-mode-linux 2.6.32-1um-4+39squeeze1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/29"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"firmware-linux-free", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-base", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-doc-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-486", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-4kc-malta", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-5kc-malta", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686-bigmem", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-armel", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-i386", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-ia64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mips", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mipsel", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-s390", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-sparc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-openvz", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-vserver", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-xen", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-iop32x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-itanium", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-ixp4xx", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-kirkwood", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-mckinley", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-orion5x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc-smp", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r4k-ip22", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-cobalt", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-ip32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-s390x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64-smp", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-versatile", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-itanium", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-mckinley", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-s390x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-sparc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-486", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-4kc-malta", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-5kc-malta", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-iop32x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-itanium", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-ixp4xx", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-kirkwood", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-mckinley", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-orion5x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc-smp", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r4k-ip22", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-cobalt", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-ip32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x-tape", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64-smp", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-versatile", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-itanium", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-mckinley", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-s390x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-sparc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-libc-dev", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-manual-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-patch-debian-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-source-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-support-2.6.32-5", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-tools-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-amd64", reference:"2.6.32-39squeeze1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1325-1.NASL description Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110) last seen 2020-06-01 modified 2020-06-02 plugin id 57497 published 2012-01-12 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57497 title USN-1325-1 : linux-ti-omap4 vulnerabilities code # This script was automatically generated from Ubuntu Security # Notice USN-1325-1. It is released under the Nessus Script # Licence. # # Ubuntu Security Notices are (C) Canonical, Inc. # See http://www.ubuntu.com/usn/ # Ubuntu(R) is a registered trademark of Canonical, Inc. if (!defined_func("bn_random")) exit(0); include("compat.inc"); if (description) { script_id(57497); script_version("$Revision: 1.4 $"); script_cvs_date("$Date: 2016/12/01 20:56:51 $"); script_cve_id("CVE-2011-1162", "CVE-2011-2203", "CVE-2011-3353", "CVE-2011-3359", "CVE-2011-4110"); script_xref(name:"USN", value:"1325-1"); script_name(english:"USN-1325-1 : linux-ti-omap4 vulnerabilities"); script_summary(english:"Checks dpkg output for updated package(s)"); script_set_attribute(attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches."); script_set_attribute(attribute:"description", value: "Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)"); script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1325-1/"); script_set_attribute(attribute:"solution", value:"Update the affected package(s)."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/11"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Ubuntu Local Security Checks"); script_copyright("Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("ubuntu.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu."); if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages."); flag = 0; if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-903-omap4", pkgver:"2.6.35-903.29")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_3_KERNEL-111026.NASL description The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-1833: Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks. CVE-2011-3363: Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes. CVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer. CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. CVE-2011-3191: A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. Following non security bugs were fixed : - drm/radeon/kms: Fix I2C mask definitions (bnc#712023). - ext4: Fix max file size and logical block counting of extent format file (bnc#706374). - TTY: pty, fix pty counting (bnc#711203). - Update Xen patches to 2.6.34.10. - xen/blkfront: fix data size for xenbus_gather in connect(). - xen/xenbus: fix xenbus_transaction_start() hang caused by double xenbus_transaction_end(). - xen/blkback: don last seen 2020-06-01 modified 2020-06-02 plugin id 75556 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75556 title openSUSE Security Update : kernel (openSUSE-SU-2011:1221-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-1465.NASL description From Red Hat Security Advisory 2011:1465 : Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system last seen 2020-06-01 modified 2020-06-02 plugin id 68393 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68393 title Oracle Linux 6 : kernel (ELSA-2011-1465) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-110930.NASL description The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.46 and fixes various bugs and security issues. The following security issues have been fixed : - A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. (CVE-2011-3191) - In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. (CVE-2011-3353) - The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. (CVE-2011-2928) Also the following non security bugs have been fixed : - CONFIG_CGROUP_MEM_RES_CTLR_SWAP enabled - CONFIG_CGROUP_MEM_RES_CTLR_SWAP_ENABLED disabled by default. Swap accounting can be turned on by swapaccount=1 kernel command line parameter. (bnc#719450) - Make swap accounting default behavior configurable (bnc#719450, bnc#650309, fate#310471). - Added a missing reset for ioc_reset_in_progress in SoftReset in the mtpsas driver. (bnc#711969) - Add support for the Digi/IBM PCIe 2-port Adapter. (bnc#708675) - Always enable MSI-X on 5709. (bnc#707737) - sched: fix broken SCHED_RESET_ON_FORK handling. (bnc#708877) - sched: Fix rt_rq runtime leakage bug. (bnc#707096) - ACPI: allow passing down C1 information if no other C-states exist. - KDB: turn off kdb usb support by default. (bnc#694670 / bnc#603804) - xfs: Added event tracing support. - xfs: fix xfs_fsblock_t tracing. - igb: extend maximum frame size to receive VLAN tagged frames. (bnc#688859) - cfq: Do not allow queue merges for queues that have no process references. (bnc#712929) - cfq: break apart merged cfqqs if they stop cooperating. (bnc#712929) - cfq: calculate the seek_mean per cfq_queue not per cfq_io_context. (bnc#712929) - cfq: change the meaning of the cfqq_coop flag. (bnc#712929) - cfq-iosched: get rid of the coop_preempt flag. (bnc#712929) - cfq: merge cooperating cfq_queues. (bnc#712929) - Fix FDDI and TR config checks in ipv4 arp and LLC. (bnc#715235) - writeback: do uninterruptible sleep in balance_dirty_pages(). (bnc#699354 / bnc#699357) - xfs: fix memory reclaim recursion deadlock on locked inode buffer. (bnc#699355 / bnc#699354) - xfs: use GFP_NOFS for page cache allocation. (bnc#699355 / bnc#699354) - virtio-net: init link state correctly. (bnc#714966) - cpufreq: pcc-cpufreq: sanity check to prevent a NULL pointer dereference. (bnc#709412) - x86: ucode-amd: Do not warn when no ucode is available for a CPU - patches.arch/x86_64-unwind-annotations: Refresh. (bnc#588458) - patches.suse/stack-unwind: Refresh. (bnc#588458) - splice: direct_splice_actor() should not use pos in sd. (bnc#715763) - qdio: 2nd stage retry on SIGA-W busy conditions (bnc#713138,LTC#74402). - TTY: pty, fix pty counting. (bnc#711203) - Avoid deadlock in GFP_IO/GFP_FS allocation. (bnc#632870) - novfs: fix some DirCache locking issues. (bnc#669378) - novfs: fix some kmalloc/kfree issues. (bnc#669378) - novfs: fix off-by-one allocation error. (bnc#669378) - novfs: unlink directory after unmap. (bnc#649625) - novfs: last modification time not reliable. (bnc#642896) - x86 / IO APIC: Reset IRR in clear_IO_APIC_pin(). (bnc#701686, bnc#667386) - mptfusion : Added check for SILI bit in READ_6 CDB for DATA UNDERRUN ERRATA. (bnc#712456) - xfs: serialise unaligned direct IOs. (bnc#707125) - NFS: Ensure that we handle NFS4ERR_STALE_STATEID correctly. (bnc#701443) - NFSv4: Do not call nfs4_state_mark_reclaim_reboot() from error handlers. (bnc#701443) - NFSv4: Fix open recovery. (bnc#701443) - NFSv4.1: Do not call nfs4_schedule_state_recovery() unnecessarily. (bnc#701443) last seen 2020-06-01 modified 2020-06-02 plugin id 57111 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57111 title SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5219 / 5222 / 5223) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1361-1.NASL description Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in KVM last seen 2020-06-01 modified 2020-06-02 plugin id 57935 published 2012-02-14 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57935 title Ubuntu 10.10 : linux vulnerabilities (USN-1361-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1362-1.NASL description Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in KVM last seen 2020-06-01 modified 2020-06-02 plugin id 57936 published 2012-02-14 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57936 title Ubuntu 11.04 : linux vulnerabilities (USN-1362-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1245-1.NASL description Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) Gideon Naim discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 56644 published 2011-10-26 reporter Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56644 title Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1245-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1239-1.NASL description Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) Gideon Naim discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 56638 published 2011-10-26 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56638 title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1239-1) NASL family Scientific Linux Local Security Checks NASL id SL_20111122_KERNEL_ON_SL6_X.NASL description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system last seen 2020-06-01 modified 2020-06-02 plugin id 61179 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61179 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1465.NASL description Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system last seen 2020-06-01 modified 2020-06-02 plugin id 56927 published 2011-11-23 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56927 title RHEL 6 : kernel (RHSA-2011:1465) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1240-1.NASL description Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) Gideon Naim discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 56639 published 2011-10-26 reporter Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56639 title Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1240-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1387-1.NASL description Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 58268 published 2012-03-07 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58268 title Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1387-1) NASL family SuSE Local Security Checks NASL id SUSE_11_4_KERNEL-111026.NASL description The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues. Following security issues have been fixed: CVE-2011-1833: Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks. CVE-2011-2695: Multiple off-by-one errors in the ext4 subsystem in the Linux kernel allowed local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer. CVE-2011-3363: Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes. CVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer. CVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). This flaw could be used by local users able to mount FUSE filesystems to crash the system. CVE-2011-2183: Fixed a race between ksmd and other memory management code, which could result in a NULL ptr dereference and kernel crash. CVE-2011-3191: A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. CVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. Following non-security bugs were fixed : - novfs: Unable to change password in the Novell Client for Linux (bnc#713229). - novfs: last modification time not reliable (bnc#642896). - novfs: unlink directory after unmap (bnc#649625). - fs: novfs: Fix exit handlers on local_unlink (bnc#649625). - novfs: last seen 2020-06-01 modified 2020-06-02 plugin id 75881 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75881 title openSUSE Security Update : kernel (openSUSE-SU-2011:1222-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1329-1.NASL description Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 57533 published 2012-01-13 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57533 title USN-1329-1 : linux-ti-omap4 vulnerability NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-2033.NASL description Description of changes: * CVE-2011-1161: Information leak in transmission logic of TPM driver. A missing buffer size check in tpm_transmit could allow leaking of potentially sensitive kernel memory. * CVE-2011-1162: Information leak in TPM driver. A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low) * CVE-2011-2494: Information leak in task/process statistics. The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low) * CVE-2011-3188: Weak TCP sequence number generation. The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate) * CVE-2011-1577: Missing boundary checks in GPT partition handling. A heap overflow flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 68424 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68424 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2033) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0010.NASL description Updated kernel-rt packages that fix several security issues and two bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important) * The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on were handled could allow a remote attacker to cause a denial of service. (CVE-2011-4326, Important) * GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate) * IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate) * A flaw in the FUSE (Filesystem in Userspace) implementation could allow a local user in the fuse group who has access to mount a FUSE file system to cause a denial of service. (CVE-2011-3353, Moderate) * A flaw in the b43 driver. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate) * A flaw in the way CIFS shares with DFS referrals at their root were handled could allow an attacker on the local network, who is able to deploy a malicious CIFS server, to create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate) * A flaw in the m_stop() implementation could allow a local, unprivileged user to trigger a denial of service. (CVE-2011-3637, Moderate) * Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate) * A flaw in the key management facility could allow a local, unprivileged user to cause a denial of service via the keyctl utility. (CVE-2011-4110, Moderate) * A flaw in the Journaling Block Device (JBD) could allow a local attacker to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low) * I/O statistics from the taskstats subsystem could be read without any restrictions, which could allow a local, unprivileged user to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low) * Flaws in tpacket_rcv() and packet_recvmsg() could allow a local, unprivileged user to leak information to user-space. (CVE-2011-2898, Low) Red Hat would like to thank Darren Lavender for reporting CVE-2011-3191; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494. This update also fixes the following bugs : * Previously, a mismatch in the build-id of the kernel-rt and the one in the related debuginfo package caused failures in SystemTap and perf. (BZ#768413) * IBM x3650m3 systems were not able to boot the MRG Realtime kernel because they require a pmcraid driver that was not available. The pmcraid driver is included in this update. (BZ#753992) Users should upgrade to these updated packages, which correct these issues. The system must be rebooted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76635 published 2014-07-22 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76635 title RHEL 6 : MRG (RHSA-2012:0010) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2011-26.NASL description IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system last seen 2020-06-01 modified 2020-06-02 plugin id 69585 published 2013-09-04 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69585 title Amazon Linux AMI : kernel (ALAS-2011-26) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1386-1.NASL description The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. (CVE-2011-2498) A flaw was discovered in the TOMOYO LSM last seen 2020-03-18 modified 2012-03-07 plugin id 58267 published 2012-03-07 reporter Ubuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58267 title Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1386-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1253-1.NASL description Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) Gideon Naim discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 56747 published 2011-11-09 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56747 title Ubuntu 10.04 LTS : linux vulnerabilities (USN-1253-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1319-1.NASL description Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110) last seen 2020-06-01 modified 2020-06-02 plugin id 57448 published 2012-01-06 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57448 title USN-1319-1 : linux-ti-omap4 vulnerabilities
Redhat
| rpms |
|
References
- https://github.com/torvalds/linux/commit/c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae
- http://www.openwall.com/lists/oss-security/2011/09/09/6
- https://bugzilla.redhat.com/show_bug.cgi?id=736761
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae