Vulnerabilities > CVE-2011-4087 - Improper Initialization vulnerability in Linux Kernel

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
linux
CWE-665
nessus

Summary

The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.

Vulnerable Configurations

Part Description Count
OS
Linux
1309

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1304-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57305
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57305
    titleUSN-1304-1 : linux-ti-omap4 vulnerabilities
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1304-1.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57305);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2016/12/01 20:56:51 $");
    
     script_cve_id("CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330");
      script_xref(name:"USN", value:"1304-1");
    
      script_name(english:"USN-1304-1 : linux-ti-omap4 vulnerabilities");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "A bug was discovered in the XFS filesystem's handling of pathnames. A
    local attacker could exploit this to crash the system, leading to a
    denial of service, or gain root privileges. (CVE-2011-4077)
    
    Nick Bowler discovered the kernel GHASH message digest algorithm
    incorrectly handled error conditions. A local attacker could exploit
    this to cause a kernel oops. (CVE-2011-4081)
    
    Scot Doyle discovered that the bridge networking interface
    incorrectly handled certain network packets. A remote attacker could
    exploit this to crash the system, leading to a denial of service.
    (CVE-2011-4087)
    
    A flaw was found in the Journaling Block Device (JBD). A local
    attacker able to mount ext3 or ext4 file systems could exploit this
    to crash the system, leading to a denial of service. (CVE-2011-4132)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw
    to crash the system. (CVE-2011-4326)
    
    Clement Lecigne discovered a bug in the HFS file system bounds
    checking. When a malformed HFS file system is mounted a local user
    could crash the system or gain root privileges. (CVE-2011-4330)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1304-1/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/13");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/14");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-1209-omap4", pkgver:"2.6.38-1209.18")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1256-1.NASL
    descriptionIt was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771) Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Ben Hutchings reported a flaw in the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id56768
    published2011-11-10
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56768
    titleUbuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1256-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56768);
      script_version("1.18");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2010-4250", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2182", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2479", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3619", "CVE-2011-3637", "CVE-2011-4087", "CVE-2011-4326", "CVE-2011-4914");
      script_bugtraq_id(46567, 46616, 46793, 46866, 46935, 46980, 47056, 47296, 47308, 47321, 47343, 47381, 47768, 47796, 47852, 47853, 47926, 48101, 48333, 48347, 48383, 48441, 48472, 48538, 48641, 48677, 48697, 48802, 48804, 48907, 48929, 49108, 49140, 49141, 49408, 49411, 50314);
      script_xref(name:"USN", value:"1256-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the /proc filesystem did not correctly handle
    permission changes when programs executed. A local attacker could hold
    open files to examine details about programs running with higher
    privileges, potentially increasing the chances of exploiting
    additional vulnerabilities. (CVE-2011-1020)
    
    Vasiliy Kulikov discovered that the Bluetooth stack did not correctly
    clear memory. A local attacker could exploit this to read kernel stack
    memory, leading to a loss of privacy. (CVE-2011-1078)
    
    Vasiliy Kulikov discovered that the Bluetooth stack did not correctly
    check that device name strings were NULL terminated. A local attacker
    could exploit this to crash the system, leading to a denial of
    service, or leak contents of kernel stack memory, leading to a loss of
    privacy. (CVE-2011-1079)
    
    Vasiliy Kulikov discovered that bridge network filtering did not check
    that name fields were NULL terminated. A local attacker could exploit
    this to leak contents of kernel stack memory, leading to a loss of
    privacy. (CVE-2011-1080)
    
    Johan Hovold discovered that the DCCP network stack did not correctly
    handle certain packet combinations. A remote attacker could send
    specially crafted network traffic that would crash the system, leading
    to a denial of service. (CVE-2011-1093)
    
    Peter Huewe discovered that the TPM device did not correctly
    initialize memory. A local attacker could exploit this to read kernel
    heap memory contents, leading to a loss of privacy. (CVE-2011-1160)
    
    Dan Rosenberg discovered that the IRDA subsystem did not correctly
    check certain field sizes. If a system was using IRDA, a remote
    attacker could send specially crafted traffic to crash the system or
    gain root privileges. (CVE-2011-1180)
    
    Ryan Sweat discovered that the GRO code did not correctly validate
    memory. In some configurations on systems using VLANs, a remote
    attacker could send specially crafted traffic to crash the system,
    leading to a denial of service. (CVE-2011-1478)
    
    It was discovered that the security fix for CVE-2010-4250 introduced a
    regression. A remote attacker could exploit this to crash the system,
    leading to a denial of service. (CVE-2011-1479)
    
    Dan Rosenberg discovered that the X.25 Rose network stack did not
    correctly handle certain fields. If a system was running with Rose
    enabled, a remote attacker could send specially crafted traffic to
    gain root privileges. (CVE-2011-1493)
    
    It was discovered that the Stream Control Transmission Protocol (SCTP)
    implementation incorrectly calculated lengths. If the
    net.sctp.addip_enable variable was turned on, a remote attacker could
    send specially crafted traffic to crash the system. (CVE-2011-1573)
    
    Ryan Sweat discovered that the kernel incorrectly handled certain VLAN
    packets. On some systems, a remote attacker could send specially
    crafted traffic to crash the system, leading to a denial of service.
    (CVE-2011-1576)
    
    Timo Warns discovered that the GUID partition parsing routines did not
    correctly validate certain structures. A local attacker with physical
    access could plug in a specially crafted block device to crash the
    system, leading to a denial of service. (CVE-2011-1577)
    
    Phil Oester discovered that the network bonding system did not
    correctly handle large queues. On some systems, a remote attacker
    could send specially crafted traffic to crash the system, leading to a
    denial of service. (CVE-2011-1581)
    
    It was discovered that CIFS incorrectly handled authentication. When a
    user had a CIFS share mounted that required authentication, a local
    user could mount the same share without knowing the correct password.
    (CVE-2011-1585)
    
    It was discovered that the GRE protocol incorrectly handled netns
    initialization. A remote attacker could send a packet while the ip_gre
    module was loading, and crash the system, leading to a denial of
    service. (CVE-2011-1767)
    
    It was discovered that the IP/IP protocol incorrectly handled netns
    initialization. A remote attacker could send a packet while the ipip
    module was loading, and crash the system, leading to a denial of
    service. (CVE-2011-1768)
    
    Ben Greear discovered that CIFS did not correctly handle direct I/O. A
    local attacker with access to a CIFS partition could exploit this to
    crash the system, leading to a denial of service. (CVE-2011-1771)
    
    Timo Warns discovered that the EFI GUID partition table was not
    correctly parsed. A physically local attacker that could insert
    mountable devices could exploit this to crash the system or possibly
    gain root privileges. (CVE-2011-1776)
    
    Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not
    correctly check the origin of mount points. A local attacker could
    exploit this to trick the system into unmounting arbitrary mount
    points, leading to a denial of service. (CVE-2011-1833)
    
    Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM
    partitions. A local user could exploit this to cause a denial of
    service or escalate privileges. (CVE-2011-2182)
    
    Dan Rosenberg discovered that the IPv4 diagnostic routines did not
    correctly validate certain requests. A local attacker could exploit
    this to consume CPU resources, leading to a denial of service.
    (CVE-2011-2213)
    
    It was discovered that an mmap() call with the MAP_PRIVATE flag on
    '/dev/zero' was incorrectly handled. A local attacker could exploit
    this to crash the system, leading to a denial of service.
    (CVE-2011-2479)
    
    Vasiliy Kulikov discovered that taskstats listeners were not correctly
    handled. A local attacker could exploit this to exhaust memory and CPU
    resources, leading to a denial of service. (CVE-2011-2484)
    
    It was discovered that Bluetooth l2cap and rfcomm did not correctly
    initialize structures. A local attacker could exploit this to read
    portions of the kernel stack, leading to a loss of privacy.
    (CVE-2011-2492)
    
    Sami Liedes discovered that ext4 did not correctly handle missing root
    inodes. A local attacker could trigger the mount of a specially
    crafted filesystem to cause the system to crash, leading to a denial
    of service. (CVE-2011-2493)
    
    Robert Swiecki discovered that mapping extensions were incorrectly
    handled. A local attacker could exploit this to crash the system,
    leading to a denial of service. (CVE-2011-2496)
    
    Dan Rosenberg discovered that the Bluetooth stack incorrectly handled
    certain L2CAP requests. If a system was using Bluetooth, a remote
    attacker could send specially crafted traffic to crash the system or
    gain root privileges. (CVE-2011-2497)
    
    Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were
    being incorrectly handled. A local attacker could exploit this to
    crash the system, leading to a denial of service. (CVE-2011-2525)
    
    It was discovered that GFS2 did not correctly check block sizes. A
    local attacker could exploit this to crash the system, leading to a
    denial of service. (CVE-2011-2689)
    
    It was discovered that the EXT4 filesystem contained multiple
    off-by-one flaws. A local attacker could exploit this to crash the
    system, leading to a denial of service. (CVE-2011-2695)
    
    Fernando Gont discovered that the IPv6 stack used predictable fragment
    identification numbers. A remote attacker could exploit this to
    exhaust network resources, leading to a denial of service.
    (CVE-2011-2699)
    
    Mauro Carvalho Chehab discovered that the si4713 radio driver did not
    correctly check the length of memory copies. If this hardware was
    available, a local attacker could exploit this to crash the system or
    gain root privileges. (CVE-2011-2700)
    
    Herbert Xu discovered that certain fields were incorrectly handled
    when Generic Receive Offload (CVE-2011-2723)
    
    The performance counter subsystem did not correctly handle certain
    counters. A local attacker could exploit this to crash the system,
    leading to a denial of service. (CVE-2011-2918)
    
    Time Warns discovered that long symlinks were incorrectly handled on
    Be filesystems. A local attacker could exploit this with a malformed
    Be filesystem and crash the system, leading to a denial of service.
    (CVE-2011-2928)
    
    Qianfeng Zhang discovered that the bridge networking interface
    incorrectly handled certain network packets. A remote attacker could
    exploit this to crash the system, leading to a denial of service.
    (CVE-2011-2942)
    
    Dan Kaminsky discovered that the kernel incorrectly handled random
    sequence number generation. An attacker could use this flaw to
    possibly predict sequence numbers and inject packets. (CVE-2011-3188)
    
    Darren Lavender discovered that the CIFS client incorrectly handled
    certain large values. A remote attacker with a malicious server could
    exploit this to crash the system or possibly execute arbitrary code as
    the root user. (CVE-2011-3191)
    
    Yasuaki Ishimatsu discovered a flaw in the kernel's clock
    implementation. A local unprivileged attacker could exploit this
    causing a denial of service. (CVE-2011-3209)
    
    Yogesh Sharma discovered that CIFS did not correctly handle UNCs that
    had no prefixpaths. A local attacker with access to a CIFS partition
    could exploit this to crash the system, leading to a denial of
    service. (CVE-2011-3363)
    
    A flaw was discovered in the Linux kernel's AppArmor security
    interface when invalid information was written to it. An unprivileged
    local user could use this to cause a denial of service on the system.
    (CVE-2011-3619)
    
    A flaw was found in the Linux kernel's /proc/*/*map* interface. A
    local, unprivileged user could exploit this flaw to cause a denial of
    service. (CVE-2011-3637)
    
    Scot Doyle discovered that the bridge networking interface incorrectly
    handled certain network packets. A remote attacker could exploit this
    to crash the system, leading to a denial of service. (CVE-2011-4087)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw to
    crash the system. (CVE-2011-4326)
    
    Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP)
    layer. A local user or a remote user on an X.25 network could exploit
    these flaws to execute arbitrary code as root. (CVE-2011-4914).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1256-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2010-4250", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2182", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2479", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3619", "CVE-2011-3637", "CVE-2011-4087", "CVE-2011-4326", "CVE-2011-4914");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1256-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-12-generic", pkgver:"2.6.38-12.51~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-12-generic-pae", pkgver:"2.6.38-12.51~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-12-server", pkgver:"2.6.38-12.51~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-12-virtual", pkgver:"2.6.38-12.51~lucid1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_KERNEL-120104.NASL
    descriptionThe openSUSE 11.4 kernel was updated to fix bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it
    last seen2020-06-05
    modified2014-06-13
    plugin id75882
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75882
    titleopenSUSE Security Update : kernel (openSUSE-SU-2012:0236-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update kernel-5606.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75882);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2010-3880", "CVE-2011-1080", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-1770", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4604");
    
      script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2012:0236-1)");
      script_summary(english:"Check for the kernel-5606 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE 11.4 kernel was updated to fix bugs and security issues.
    
    Following security issues have been fixed: CVE-2011-4604: If root does
    read() on a specific socket, it's possible to corrupt (kernel) memory
    over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol
    is used.
    
    CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used
    predictable fragment identification numbers. A remote attacker could
    exploit this to exhaust network resources, leading to a denial of
    service.
    
    CVE-2011-1173: A kernel information leak via ip6_tables was fixed.
    
    CVE-2011-1172: A kernel information leak via ip6_tables netfilter was
    fixed.
    
    CVE-2011-1171: A kernel information leak via ip_tables was fixed.
    
    CVE-2011-1170: A kernel information leak via arp_tables was fixed.
    
    CVE-2011-1080: A kernel information leak via netfilter was fixed.
    
    CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c
    in the Linux kernel did not properly audit INET_DIAG bytecode, which
    allowed local users to cause a denial of service (kernel infinite
    loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink
    message, as demonstrated by an INET_DIAG_BC_JMP instruction with a
    zero yes value, a different vulnerability than CVE-2010-3880.
    
    CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in
    net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have
    allowed local users to cause a denial of service or have unspecified
    other impact via a crafted write operation, related to string data
    that lacks a terminating '0' character.
    
    CVE-2011-1770: Integer underflow in the dccp_parse_options function
    (net/dccp/options.c) in the Linux kernel allowed remote attackers to
    cause a denial of service via a Datagram Congestion Control Protocol
    (DCCP) packet with an invalid feature options length, which triggered
    a buffer over-read.
    
    CVE-2011-2723: The skb_gro_header_slow function in
    include/linux/netdevice.h in the Linux kernel, when Generic Receive
    Offload (GRO) is enabled, reset certain fields in incorrect
    situations, which allowed remote attackers to cause a denial of
    service (system crash) via crafted network traffic.
    
    CVE-2011-2898: A kernel information leak in the AF_PACKET protocol was
    fixed which might have allowed local attackers to read kernel memory.
    
    CVE-2011-4087: A local denial of service when using bridged networking
    via a flood ping was fixed.
    
    CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs
    filesystems was fixed which could be used by local attackers to crash
    the kernel.
    
    CVE-2011-4081: Using the crypto interface a local user could Oops the
    kernel by writing to a AF_ALG socket."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=676602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=679059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=681180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=681181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=681184"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=681185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=691052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=692498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=699709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=700879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=702037"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=707288"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=709561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=709764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=710235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=713933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=723999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=726788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=736149"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-02/msg00036.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-debug-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-default-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-desktop-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-extra-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-ec2-extra-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-pae-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-source-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-source-vanilla-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-syms-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-trace-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vanilla-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-vmi-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-base-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-base-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-debugsource-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-devel-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"kernel-xen-devel-debuginfo-2.6.37.6-0.11.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"preload-kmp-default-1.2_k2.6.37.6_0.11-6.7.28") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"preload-kmp-default-debuginfo-1.2_k2.6.37.6_0.11-6.7.28") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"preload-kmp-desktop-1.2_k2.6.37.6_0.11-6.7.28") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"preload-kmp-desktop-debuginfo-1.2_k2.6.37.6_0.11-6.7.28") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1294-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942) Yasuaki Ishimatsu discovered a flaw in the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id57058
    published2011-12-09
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57058
    titleUbuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1294-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57058);
      script_version("1.13");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-1162", "CVE-2011-2494", "CVE-2011-2942", "CVE-2011-3209", "CVE-2011-3638", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4326");
      script_bugtraq_id(50311, 50313, 50314, 50322, 50366, 50751, 50764);
      script_xref(name:"USN", value:"1294-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Peter Huewe discovered an information leak in the handling of reading
    security-related TPM data. A local, unprivileged user could read the
    results of a previous TPM command. (CVE-2011-1162)
    
    Vasiliy Kulikov discovered that taskstats did not enforce access
    restrictions. A local attacker could exploit this to read certain
    information, leading to a loss of privacy. (CVE-2011-2494)
    
    Qianfeng Zhang discovered that the bridge networking interface
    incorrectly handled certain network packets. A remote attacker could
    exploit this to crash the system, leading to a denial of service.
    (CVE-2011-2942)
    
    Yasuaki Ishimatsu discovered a flaw in the kernel's clock
    implementation. A local unprivileged attacker could exploit this
    causing a denial of service. (CVE-2011-3209)
    
    Zheng Liu discovered a flaw in how the ext4 filesystem splits extents.
    A local unprivileged attacker could exploit this to crash the system,
    leading to a denial of service. (CVE-2011-3638)
    
    Scot Doyle discovered that the bridge networking interface incorrectly
    handled certain network packets. A remote attacker could exploit this
    to crash the system, leading to a denial of service. (CVE-2011-4087)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw to
    crash the system. (CVE-2011-4326).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1294-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2011-1162", "CVE-2011-2494", "CVE-2011-2942", "CVE-2011-3209", "CVE-2011-3638", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4326");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1294-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-13-generic", pkgver:"3.0.0-13.22~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-13-generic-pae", pkgver:"3.0.0-13.22~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-13-server", pkgver:"3.0.0-13.22~lucid1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-13-virtual", pkgver:"3.0.0-13.22~lucid1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.0-generic / linux-image-3.0-generic-pae / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1193-1.NASL
    descriptionTimo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) Ben Hutchings reported a flaw in the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id55923
    published2011-08-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55923
    titleUbuntu 11.04 : linux vulnerabilities (USN-1193-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1193-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55923);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-1577", "CVE-2011-1581", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2493", "CVE-2011-3619", "CVE-2011-4087", "CVE-2011-4326");
      script_bugtraq_id(47343, 47926, 48383);
      script_xref(name:"USN", value:"1193-1");
    
      script_name(english:"Ubuntu 11.04 : linux vulnerabilities (USN-1193-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Timo Warns discovered that the GUID partition parsing routines did not
    correctly validate certain structures. A local attacker with physical
    access could plug in a specially crafted block device to crash the
    system, leading to a denial of service. (CVE-2011-1577)
    
    Phil Oester discovered that the network bonding system did not
    correctly handle large queues. On some systems, a remote attacker
    could send specially crafted traffic to crash the system, leading to a
    denial of service. (CVE-2011-1581)
    
    Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM
    partitions. A local user could exploit this to cause a denial of
    service or escalate privileges. (CVE-2011-2182)
    
    Vasiliy Kulikov discovered that taskstats listeners were not correctly
    handled. A local attacker could exploit this to exhaust memory and CPU
    resources, leading to a denial of service. (CVE-2011-2484)
    
    Sami Liedes discovered that ext4 did not correctly handle missing root
    inodes. A local attacker could trigger the mount of a specially
    crafted filesystem to cause the system to crash, leading to a denial
    of service. (CVE-2011-2493)
    
    A flaw was discovered in the Linux kernel's AppArmor security
    interface when invalid information was written to it. An unprivileged
    local user could use this to cause a denial of service on the system.
    (CVE-2011-3619)
    
    Scot Doyle discovered that the bridge networking interface incorrectly
    handled certain network packets. A remote attacker could exploit this
    to crash the system, leading to a denial of service. (CVE-2011-4087)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw to
    crash the system. (CVE-2011-4326).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1193-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2011-1577", "CVE-2011-1581", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2493", "CVE-2011-3619", "CVE-2011-4087", "CVE-2011-4326");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1193-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-11-generic", pkgver:"2.6.38-11.48")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-11-generic-pae", pkgver:"2.6.38-11.48")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-11-server", pkgver:"2.6.38-11.48")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-11-versatile", pkgver:"2.6.38-11.48")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-11-virtual", pkgver:"2.6.38-11.48")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc");
    }