Vulnerabilities > CVE-2011-4081 - NULL Pointer Dereference vulnerability in Linux Kernel

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
CWE-476
nessus

Summary

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

Vulnerable Configurations

Part Description Count
OS
Linux
1432

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1302-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57303
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57303
    titleUSN-1302-1 : linux-ti-omap4 vulnerabilities
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1302-1.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57303);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2016/12/01 20:56:51 $");
    
     script_cve_id("CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330");
      script_xref(name:"USN", value:"1302-1");
    
      script_name(english:"USN-1302-1 : linux-ti-omap4 vulnerabilities");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "A bug was discovered in the XFS filesystem's handling of pathnames. A
    local attacker could exploit this to crash the system, leading to a
    denial of service, or gain root privileges. (CVE-2011-4077)
    
    Nick Bowler discovered the kernel GHASH message digest algorithm
    incorrectly handled error conditions. A local attacker could exploit
    this to cause a kernel oops. (CVE-2011-4081)
    
    A flaw was found in the Journaling Block Device (JBD). A local
    attacker able to mount ext3 or ext4 file systems could exploit this
    to crash the system, leading to a denial of service. (CVE-2011-4132)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw
    to crash the system. (CVE-2011-4326)
    
    Clement Lecigne discovered a bug in the HFS file system bounds
    checking. When a malformed HFS file system is mounted a local user
    could crash the system or gain root privileges. (CVE-2011-4330)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1302-1/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/13");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/14");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-903-omap4", pkgver:"2.6.35-903.28")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1304-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57305
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57305
    titleUSN-1304-1 : linux-ti-omap4 vulnerabilities
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1304-1.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57305);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2016/12/01 20:56:51 $");
    
     script_cve_id("CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330");
      script_xref(name:"USN", value:"1304-1");
    
      script_name(english:"USN-1304-1 : linux-ti-omap4 vulnerabilities");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "A bug was discovered in the XFS filesystem's handling of pathnames. A
    local attacker could exploit this to crash the system, leading to a
    denial of service, or gain root privileges. (CVE-2011-4077)
    
    Nick Bowler discovered the kernel GHASH message digest algorithm
    incorrectly handled error conditions. A local attacker could exploit
    this to cause a kernel oops. (CVE-2011-4081)
    
    Scot Doyle discovered that the bridge networking interface
    incorrectly handled certain network packets. A remote attacker could
    exploit this to crash the system, leading to a denial of service.
    (CVE-2011-4087)
    
    A flaw was found in the Journaling Block Device (JBD). A local
    attacker able to mount ext3 or ext4 file systems could exploit this
    to crash the system, leading to a denial of service. (CVE-2011-4132)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw
    to crash the system. (CVE-2011-4326)
    
    Clement Lecigne discovered a bug in the HFS file system bounds
    checking. When a malformed HFS file system is mounted a local user
    could crash the system or gain root privileges. (CVE-2011-4330)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1304-1/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/13");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/14");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-1209-omap4", pkgver:"2.6.38-1209.18")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2011-22.NASL
    descriptionThe epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.
    last seen2020-06-01
    modified2020-06-02
    plugin id69581
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69581
    titleAmazon Linux AMI : kernel (ALAS-2011-22)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-55.NASL
    descriptionA buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69662
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69662
    titleAmazon Linux AMI : kernel (ALAS-2012-55)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1311-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) A bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57342
    published2011-12-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57342
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-1311-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1303-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) A bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57304
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57304
    titleUbuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1303-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1322-1.NASL
    descriptionNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57467
    published2012-01-10
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57467
    titleUbuntu 11.10 : linux vulnerability (USN-1322-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1312-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57343
    published2011-12-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57343
    titleUbuntu 11.04 : linux vulnerabilities (USN-1312-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-120130.NASL
    descriptionThe SUSE Linux Enterprise 11 SP1 kernel was updated to 2.6.32.54, fixing lots of bugs and security issues. The following security issues have been fixed : - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. (CVE-2011-4110) - Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. (CVE-2011-4081) - Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077) - A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038) - A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132) - Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g. guessing passwords by typing speed). (CVE-2011-2494) - When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-3873) - When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-4164) - A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed. The following non-security issues have been fixed:. (CVE-2011-2699) - elousb: Fixed bug in USB core API usage, code cleanup. (bnc#733863) - cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry. (bnc#735453) - cifs: set server_eof in cifs_fattr_to_inode. (bnc#735453) - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink(). (bnc#726600) - block: add and use scsi_blk_cmd_ioctl. (bnc#738400 / CVE-2011-4127) - block: fail SCSI passthrough ioctls on partition devices. (bnc#738400 / CVE-2011-4127) - dm: do not forward ioctls from logical volumes to the underlying device. (bnc#738400 / CVE-2011-4127) - Silence some warnings about ioctls on partitions. - netxen: Remove all references to unified firmware file. (bnc#708625) - bonding: send out gratuitous arps even with no address configured. (bnc#742270) - patches.fixes/ocfs2-serialize_unaligned_aio.patch: ocfs2: serialize unaligned aio. (bnc#671479) - patches.fixes/bonding-check-if-clients-MAC-addr-has-chan ged.patch: Update references. (bnc#729854, bnc#731004) - xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time. - ipmi: reduce polling when interrupts are available. (bnc#740867) - ipmi: reduce polling. (bnc#740867) - Linux 2.6.32.54. - export shrink_dcache_for_umount_subtree. - patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem. (bnc#736018) - PM / Sleep: Fix race between CPU hotplug and freezer. (bnc#740535) - jbd: Issue cache flush after checkpointing. (bnc#731770) - lpfc: make sure job exists when processing BSG. (bnc#735635) - Linux 2.6.32.53. - blktap: fix locking (again). (bnc#724734) - xen: Update Xen patches to 2.6.32.52. - Linux 2.6.32.52. - Linux 2.6.32.51. - Linux 2.6.32.50. - reiserfs: Lock buffers unconditionally in reiserfs_write_full_page(). (bnc#716023) - writeback: Include all dirty inodes in background writeback. (bnc#716023) - reiserfs: Fix quota mount option parsing. (bnc#728626) - bonding: check if clients MAC addr has changed. (bnc#729854) - rpc client can not deal with ENOSOCK, so translate it into ENOCONN. (bnc#733146) - st: modify tape driver to allow writing immediate filemarks. (bnc#688996) - xfs: fix for xfssyncd failure to wake. (bnc#722910) - ipmi: Fix deadlock in start_next_msg(). - net: bind() fix error return on wrong address family. (bnc#735216) - net: ipv4: relax AF_INET check in bind(). (bnc#735216) - net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs. (bnc#735216) - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported. (bnc#732296) - percpu: fix chunk range calculation. (bnc#668872) - x86, UV: Fix kdump reboot. (bnc#735446) - dm: Use done_bytes for io_completion. (bnc#711378) - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported. (bnc#732296) - Bluetooth: Add Atheros AR3012 one PID/VID supported. (bnc#732296) - fix missing hunk in oplock break patch. (bnc#706973) - patches.arch/s390-34-01-pfault-cpu-hotplug.patch: Refresh. Surrounded s390x lowcore change with __GENKSYMS__. (bnc#728339) - patches.xen/xen3-patch-2.6.30: Refresh. - sched, x86: Avoid unnecessary overflow in sched_clock. (bnc#725709) - ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.
    last seen2020-06-05
    modified2012-02-07
    plugin id57854
    published2012-02-07
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57854
    titleSuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0350.NASL
    descriptionUpdated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58275
    published2012-03-08
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58275
    titleCentOS 6 : kernel (CESA-2012:0350)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1287-1.NASL
    descriptionNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.
    last seen2020-06-01
    modified2020-06-02
    plugin id57024
    published2011-12-06
    reporterUbuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57024
    titleUSN-1287-1 : linux-ti-omap4 vulnerability
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1313-1.NASL
    descriptionNick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57344
    published2011-12-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57344
    titleUbuntu 10.04 LTS : linux-lts-backport-oneiric vulnerability (USN-1313-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_KERNEL-120104.NASL
    descriptionThe openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it
    last seen2020-06-05
    modified2014-06-13
    plugin id75557
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75557
    titleopenSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_KERNEL-120104.NASL
    descriptionThe openSUSE 11.4 kernel was updated to fix bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it
    last seen2020-06-05
    modified2014-06-13
    plugin id75882
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75882
    titleopenSUSE Security Update : kernel (openSUSE-SU-2012:0236-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0350.NASL
    descriptionUpdated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-04-16
    modified2012-03-07
    plugin id58261
    published2012-03-07
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58261
    titleRHEL 6 : kernel (RHSA-2012:0350)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0422.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes two security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79285
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79285
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2012:0422)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1301-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57302
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57302
    titleUbuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1301-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1286-1.NASL
    descriptionVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491) Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496) It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517) Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57005
    published2011-12-05
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57005
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0350.NASL
    descriptionFrom Red Hat Security Advisory 2012:0350 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id68491
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68491
    titleOracle Linux 6 : kernel (ELSA-2012-0350)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-120129.NASL
    descriptionThe SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues. The following security issues have been fixed : - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. (CVE-2011-4110) - Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. (CVE-2011-4081) - Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077) - A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038) - A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132) - Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g. guessing passwords by typing speed). (CVE-2011-2494) - When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-3873) - When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-4164) - A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed. (CVE-2011-2699) The following non-security issues have been fixed (excerpt from changelog) : - elousb: Fixed bug in USB core API usage, code cleanup. - cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry. - cifs: set server_eof in cifs_fattr_to_inode. - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink(). - Silence some warnings about ioctls on partitions. - netxen: Remove all references to unified firmware file. - bonding: send out gratuitous arps even with no address configured. - patches.fixes/ocfs2-serialize_unaligned_aio.patch: ocfs2: serialize unaligned aio. - patches.fixes/bonding-check-if-clients-MAC-addr-has-chan ged.patch: Update references. - xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time. - ipmi: reduce polling when interrupts are available. - ipmi: reduce polling. - export shrink_dcache_for_umount_subtree. - patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem. - PM / Sleep: Fix race between CPU hotplug and freezer. - jbd: Issue cache flush after checkpointing. - lpfc: make sure job exists when processing BSG. - blktap: fix locking (again). - xen: Update Xen patches to 2.6.32.52. - reiserfs: Lock buffers unconditionally in reiserfs_write_full_page(). - writeback: Include all dirty inodes in background writeback. - reiserfs: Fix quota mount option parsing. - bonding: check if clients MAC addr has changed. - rpc client can not deal with ENOSOCK, so translate it into ENOCONN. - st: modify tape driver to allow writing immediate filemarks. - xfs: fix for xfssyncd failure to wake. - ipmi: Fix deadlock in start_next_msg(). - net: bind() fix error return on wrong address family. - net: ipv4: relax AF_INET check in bind(). - net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs. - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported. - percpu: fix chunk range calculation. - x86, UV: Fix kdump reboot. - dm: Use done_bytes for io_completion. - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported. - Bluetooth: Add Atheros AR3012 one PID/VID supported. - fix missing hunk in oplock break patch. - patches.arch/s390-34-01-pfault-cpu-hotplug.patch: Refresh. - Surrounded s390x lowcore change with __GENKSYMS__ - patches.xen/xen3-patch-2.6.30: Refresh. - sched, x86: Avoid unnecessary overflow in sched_clock. - ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.
    last seen2020-06-05
    modified2012-02-07
    plugin id57853
    published2012-02-07
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57853
    titleSuSE 11.1 Security Update : Linux Kernel (SAT Patch Numbers 5723 / 5725)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120306_KERNEL_ON_SL6_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2012-08-01
    plugin id61277
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61277
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120306)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1294-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942) Yasuaki Ishimatsu discovered a flaw in the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id57058
    published2011-12-09
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57058
    titleUbuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-2003.NASL
    descriptionDescription of changes: * CVE-2012-0207: Denial of service bug in IGMP. The IGMP subsystem
    last seen2020-06-01
    modified2020-06-02
    plugin id68669
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68669
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2003)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1299-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) A bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57300
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57300
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1299-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-15241.NASL
    descriptionSecurity update for various issues. ---------------------------------------------------------------------- -----= Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56721
    published2011-11-07
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56721
    titleFedora 14 : kernel-2.6.35.14-103.fc14 (2011-15241)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1293-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57057
    published2011-12-09
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57057
    titleUbuntu 10.10 : linux vulnerabilities (USN-1293-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0010.NASL
    descriptionUpdated kernel-rt packages that fix several security issues and two bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important) * The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on were handled could allow a remote attacker to cause a denial of service. (CVE-2011-4326, Important) * GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate) * IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate) * A flaw in the FUSE (Filesystem in Userspace) implementation could allow a local user in the fuse group who has access to mount a FUSE file system to cause a denial of service. (CVE-2011-3353, Moderate) * A flaw in the b43 driver. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate) * A flaw in the way CIFS shares with DFS referrals at their root were handled could allow an attacker on the local network, who is able to deploy a malicious CIFS server, to create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate) * A flaw in the m_stop() implementation could allow a local, unprivileged user to trigger a denial of service. (CVE-2011-3637, Moderate) * Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate) * A flaw in the key management facility could allow a local, unprivileged user to cause a denial of service via the keyctl utility. (CVE-2011-4110, Moderate) * A flaw in the Journaling Block Device (JBD) could allow a local attacker to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low) * I/O statistics from the taskstats subsystem could be read without any restrictions, which could allow a local, unprivileged user to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low) * Flaws in tpacket_rcv() and packet_recvmsg() could allow a local, unprivileged user to leak information to user-space. (CVE-2011-2898, Low) Red Hat would like to thank Darren Lavender for reporting CVE-2011-3191; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494. This update also fixes the following bugs : * Previously, a mismatch in the build-id of the kernel-rt and the one in the related debuginfo package caused failures in SystemTap and perf. (BZ#768413) * IBM x3650m3 systems were not able to boot the MRG Realtime kernel because they require a pmcraid driver that was not available. The pmcraid driver is included in this update. (BZ#753992) Users should upgrade to these updated packages, which correct these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id76635
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76635
    titleRHEL 6 : MRG (RHSA-2012:0010)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1292-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57056
    published2011-12-09
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57056
    titleUbuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1292-1)

Redhat

rpms
  • kernel-rt-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debug-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debug-debuginfo-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debug-devel-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debuginfo-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-devel-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-doc-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-firmware-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-trace-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-trace-debuginfo-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-trace-devel-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-vanilla-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-vanilla-debuginfo-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-vanilla-devel-0:2.6.33.9-rt31.79.el6rt
  • kernel-0:2.6.32-220.7.1.el6
  • kernel-bootwrapper-0:2.6.32-220.7.1.el6
  • kernel-debug-0:2.6.32-220.7.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-debug-devel-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-220.7.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.7.1.el6
  • kernel-devel-0:2.6.32-220.7.1.el6
  • kernel-doc-0:2.6.32-220.7.1.el6
  • kernel-firmware-0:2.6.32-220.7.1.el6
  • kernel-headers-0:2.6.32-220.7.1.el6
  • kernel-kdump-0:2.6.32-220.7.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-220.7.1.el6
  • kernel-kdump-devel-0:2.6.32-220.7.1.el6
  • perf-0:2.6.32-220.7.1.el6
  • perf-debuginfo-0:2.6.32-220.7.1.el6
  • python-perf-0:2.6.32-220.7.1.el6