Vulnerabilities > CVE-2011-4110 - Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

linux

CWE-264

nessus

NVD

Published: 2012-01-27

Updated: 2023-02-13

Summary

The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 2.6	1

Common Weakness Enumeration (CWE)

CWE-264 - Permissions, Privileges, and Access Controls

Common Attack Pattern Enumeration and Classification (CAPEC)

Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
Blue Boxing
This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1345-1.NASL
description	Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57688
published	2012-01-25
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57688
title	Ubuntu 11.04 : linux vulnerabilities (USN-1345-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1345-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(57688); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2011-1162", "CVE-2011-2203", "CVE-2011-4110"); script_bugtraq_id(48236, 50755, 50764); script_xref(name:"USN", value:"1345-1"); script_name(english:"Ubuntu 11.04 : linux vulnerabilities (USN-1345-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1345-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-1162", "CVE-2011-2203", "CVE-2011-4110"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1345-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-generic", pkgver:"2.6.38-13.54")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-generic-pae", pkgver:"2.6.38-13.54")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-server", pkgver:"2.6.38-13.54")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-versatile", pkgver:"2.6.38-13.54")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-virtual", pkgver:"2.6.38-13.54")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc"); }

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2012-0013.NASL
description	a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
last seen	2020-06-01
modified	2020-06-02
plugin id	61747
published	2012-08-31
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61747
title	VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2012-0013. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(61747); script_version("1.56"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/30"); script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0393", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110"); script_bugtraq_id(40063, 44199, 45145, 45163, 45164, 46264, 46567, 46740, 47321, 48383, 48802, 49108, 49289, 49626, 49911, 50311, 50609, 50663, 50755, 50798, 50898, 51194, 51257, 51281, 51343, 51366, 51439, 51467, 51563, 52009, 52010, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52107, 52161, 52201, 52667, 52668, 52865, 53136, 53139, 53158, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960); script_xref(name:"VMSA", value:"2012-0013"); script_name(english:"VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries"); script_summary(english:"Checks esxupdate output for the patches"); script_set_attribute( attribute:"synopsis", value: "The remote VMware ESXi / ESX host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2012/000197.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2012-08-30"); flag = 0; if ( esx_check( ver : "ESX 4.0", patch : "ESX400-201209401-SG", patch_updates : make_list("ESX400-201302401-SG", "ESX400-201305401-SG", "ESX400-201310401-SG", "ESX400-201404401-SG") ) ) flag++; if ( esx_check( ver : "ESX 4.0", patch : "ESX400-201209402-SG", patch_updates : make_list("ESX400-201305404-SG", "ESX400-201310402-SG") ) ) flag++; if (esx_check(ver:"ESX 4.0", patch:"ESX400-201209404-SG")) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208101-SG", patch_updates : make_list("ESX410-201211401-SG", "ESX410-201301401-SG", "ESX410-201304401-SG", "ESX410-201307401-SG", "ESX410-201312401-SG", "ESX410-201404401-SG", "ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208102-SG", patch_updates : make_list("ESX410-201301405-SG", "ESX410-201304402-SG", "ESX410-201307405-SG", "ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208103-SG", patch_updates : make_list("ESX410-201307403-SG", "ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208104-SG", patch_updates : make_list("ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208105-SG", patch_updates : make_list("ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208106-SG", patch_updates : make_list("ESX410-201307404-SG", "ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208107-SG", patch_updates : make_list("ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESXi 4.1", patch : "ESXi410-201208101-SG", patch_updates : make_list("ESXi410-201211401-SG", "ESXi410-201301401-SG", "ESXi410-201304401-SG", "ESXi410-201307401-SG", "ESXi410-201312401-SG", "ESXi410-201404401-SG", "ESXi410-Update03") ) ) flag++; if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1318-1.NASL
description	Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)
last seen	2020-06-01
modified	2020-06-02
plugin id	57447
published	2012-01-06
reporter	Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57447
title	USN-1318-1 : linux-fsl-imx51 vulnerabilities
code	# This script was automatically generated from Ubuntu Security # Notice USN-1318-1. It is released under the Nessus Script # Licence. # # Ubuntu Security Notices are (C) Canonical, Inc. # See http://www.ubuntu.com/usn/ # Ubuntu(R) is a registered trademark of Canonical, Inc. if (!defined_func("bn_random")) exit(0); include("compat.inc"); if (description) { script_id(57447); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2016/12/01 20:56:51 $"); script_cve_id("CVE-2011-1162", "CVE-2011-2203", "CVE-2011-4110"); script_xref(name:"USN", value:"1318-1"); script_name(english:"USN-1318-1 : linux-fsl-imx51 vulnerabilities"); script_summary(english:"Checks dpkg output for updated package(s)"); script_set_attribute(attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches."); script_set_attribute(attribute:"description", value: "Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)"); script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1318-1/"); script_set_attribute(attribute:"solution", value:"Update the affected package(s)."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/05"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Ubuntu Local Security Checks"); script_copyright("Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("ubuntu.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu."); if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages."); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.31-612-imx51", pkgver:"2.6.31-612.32")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:ubuntu_report_get()); else security_note(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1337-1.NASL
description	Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57661
published	2012-01-24
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57661
title	Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1337-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1337-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(57661); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2011-1162", "CVE-2011-2203", "CVE-2011-4110"); script_bugtraq_id(48236, 50755, 50764); script_xref(name:"USN", value:"1337-1"); script_name(english:"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1337-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1337-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-1162", "CVE-2011-2203", "CVE-2011-4110"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1337-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-13-generic", pkgver:"2.6.38-13.54~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-13-generic-pae", pkgver:"2.6.38-13.54~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-13-server", pkgver:"2.6.38-13.54~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.38-13-virtual", pkgver:"2.6.38-13.54~lucid1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2389.NASL
description	Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-2183 Andrea Righi reported an issue in KSM, a memory-saving de-duplication feature. By exploiting a race with exiting tasks, local users can cause a kernel oops, resulting in a denial of service. - CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. - CVE-2011-2898 Eric Dumazet reported an information leak in the raw packet socket implementation. - CVE-2011-3353 Han-Wen Nienhuys reported a local denial of service issue in the FUSE (Filesystem in Userspace) support in the Linux kernel. Local users could cause a buffer overflow, leading to a kernel oops and resulting in a denial of service. - CVE-2011-4077 Carlos Maiolino reported an issue in the XFS filesystem. A local user with the ability to mount a filesystem could corrupt memory resulting in a denial of service or possibly gain elevated privileges. - CVE-2011-4110 David Howells reported an issue in the kernel
last seen	2020-03-17
modified	2012-01-18
plugin id	57583
published	2012-01-18
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57583
title	Debian DSA-2389-1 : linux-2.6 - privilege escalation/denial of service/information leak
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2389. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(57583); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2898", "CVE-2011-3353", "CVE-2011-4077", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4611", "CVE-2011-4622", "CVE-2011-4914"); script_bugtraq_id(46935, 48101, 48333, 48986, 49527, 50370, 50755, 51081, 51172, 51176); script_xref(name:"DSA", value:"2389"); script_name(english:"Debian DSA-2389-1 : linux-2.6 - privilege escalation/denial of service/information leak"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-2183 Andrea Righi reported an issue in KSM, a memory-saving de-duplication feature. By exploiting a race with exiting tasks, local users can cause a kernel oops, resulting in a denial of service. - CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. - CVE-2011-2898 Eric Dumazet reported an information leak in the raw packet socket implementation. - CVE-2011-3353 Han-Wen Nienhuys reported a local denial of service issue in the FUSE (Filesystem in Userspace) support in the Linux kernel. Local users could cause a buffer overflow, leading to a kernel oops and resulting in a denial of service. - CVE-2011-4077 Carlos Maiolino reported an issue in the XFS filesystem. A local user with the ability to mount a filesystem could corrupt memory resulting in a denial of service or possibly gain elevated privileges. - CVE-2011-4110 David Howells reported an issue in the kernel's access key retention system which allow local users to cause a kernel oops leading to a denial of service. - CVE-2011-4127 Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough support for SCSI devices. Users with permission to access restricted portions of a device (e.g. a partition or a logical volume) can obtain access to the entire device by way of the SG_IO ioctl. This could be exploited by a local user or privileged VM guest to achieve a privilege escalation. - CVE-2011-4611 Maynard Johnson reported an issue with the perf support on POWER7 systems that allows local users to cause a denial of service. - CVE-2011-4622 Jan Kiszka reported an issue in the KVM PIT timer support. Local users with the permission to use KVM can cause a denial of service by starting a PIT timer without first setting up the irqchip. - CVE-2011-4914 Ben Hutchings reported various bounds checking issues within the ROSE protocol support in the kernel. Remote users could possibly use this to gain access to sensitive memory or cause a denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-2183" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-2213" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-2898" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3353" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4077" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4110" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4127" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4611" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4622" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4914" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/linux-2.6" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2389" ); script_set_attribute( attribute:"solution", value: "Upgrade the linux-2.6 and user-mode-linux packages. For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution (lenny) will be available soon. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update : Debian 6.0 (squeeze) user-mode-linux 2.6.32-1um-4+39squeeze1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/29"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"firmware-linux-free", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-base", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-doc-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-486", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-4kc-malta", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-5kc-malta", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686-bigmem", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-armel", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-i386", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-ia64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mips", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mipsel", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-s390", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-sparc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-openvz", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-vserver", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-xen", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-iop32x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-itanium", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-ixp4xx", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-kirkwood", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-mckinley", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-orion5x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc-smp", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r4k-ip22", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-cobalt", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-ip32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-s390x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64-smp", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-versatile", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-itanium", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-mckinley", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-s390x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-sparc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-486", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-4kc-malta", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-5kc-malta", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-iop32x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-itanium", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-ixp4xx", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-kirkwood", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-mckinley", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-orion5x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc-smp", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r4k-ip22", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-cobalt", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-ip32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x-tape", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64-smp", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-versatile", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-itanium", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-mckinley", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-s390x", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-sparc64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64-dbg", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-libc-dev", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-manual-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-patch-debian-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-source-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-support-2.6.32-5", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"linux-tools-2.6.32", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-686", reference:"2.6.32-39squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-amd64", reference:"2.6.32-39squeeze1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1330-1.NASL
description	Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem
last seen	2020-06-01
modified	2020-06-02
plugin id	57534
published	2012-01-13
reporter	Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57534
title	USN-1330-1 : linux-ti-omap4 vulnerabilities
code	# This script was automatically generated from Ubuntu Security # Notice USN-1330-1. It is released under the Nessus Script # Licence. # # Ubuntu Security Notices are (C) Canonical, Inc. # See http://www.ubuntu.com/usn/ # Ubuntu(R) is a registered trademark of Canonical, Inc. if (!defined_func("bn_random")) exit(0); include("compat.inc"); if (description) { script_id(57534); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2016/12/01 20:56:51 $"); script_cve_id("CVE-2011-2203", "CVE-2011-4077", "CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4330"); script_xref(name:"USN", value:"1330-1"); script_name(english:"USN-1330-1 : linux-ti-omap4 vulnerabilities"); script_summary(english:"Checks dpkg output for updated package(s)"); script_set_attribute(attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches."); script_set_attribute(attribute:"description", value: "Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110) A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132) Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330)"); script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1330-1/"); script_set_attribute(attribute:"solution", value:"Update the affected package(s)."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/13"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Ubuntu Local Security Checks"); script_copyright("Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("ubuntu.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu."); if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages."); flag = 0; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-1206-omap4", pkgver:"3.0.0-1206.15")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20111206_SCIENTIFIC_LINUX_6_KERNEL_ON_SL6_X.NASL
description	The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) - Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate) - A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with access to mount and unmount ext4 file systems could use this flaw to cause a denial of service. (CVE-2011-3638, Moderate) - A NULL pointer dereference flaw was found in the way the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	61185
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61185
title	Scientific Linux Security Update : Scientific Linux 6 kernel on SL6.x i386/x86_64

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1325-1.NASL
description	Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)
last seen	2020-06-01
modified	2020-06-02
plugin id	57497
published	2012-01-12
reporter	Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57497
title	USN-1325-1 : linux-ti-omap4 vulnerabilities

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2013-0039.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
last seen	2020-06-01
modified	2020-06-02
plugin id	79507
published	2014-11-26
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79507
title	OracleVM 2.2 : kernel (OVMSA-2013-0039)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1328-1.NASL
description	Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110).
last seen	2020-06-01
modified	2020-06-02
plugin id	57532
published	2012-01-13
reporter	Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57532
title	Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1328-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2011-1479.NASL
description	Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important) * A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	67086
published	2013-06-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67086
title	CentOS 5 : kernel (CESA-2011:1479)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-756.NASL
description	The openSUSE 11.4 kernel was updated to fix various bugs and security issues. This is the final update of the 2.6.37 kernel of openSUSE 11.4.
last seen	2020-06-05
modified	2014-06-13
plugin id	74801
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74801
title	openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1344-1.NASL
description	Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57687
published	2012-01-25
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57687
title	Ubuntu 10.04 LTS : linux vulnerabilities (USN-1344-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1322-1.NASL
description	Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57467
published	2012-01-10
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57467
title	Ubuntu 11.10 : linux vulnerability (USN-1322-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_KERNEL-8325.NASL
description	This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : - kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password (a side channel attack). (CVE-2011-2494) - net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel, when the nf_conntrack_ipv6 module is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. (CVE-2012-2744) - Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. (CVE-2012-3510) - The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and updating a negative key into a fully instantiated key. (CVE-2011-4110) - The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel did not initialize a certain response buffer, which allowed local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. (CVE-2011-1044) - Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. (CVE-2012-3400) - The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. (CVE-2012-2136) - A small denial of service leak in dropping syn+fin messages was fixed. (CVE-2012-2663) The following non-security issues have been fixed : Packaging : - kbuild: Fix gcc -x syntax (bnc#773831). NFS : - knfsd: An assortment of little fixes to the sunrpc cache code. (bnc#767766) - knfsd: Unexport cache_fresh and fix a small race. (bnc#767766) - knfsd: nfsd: do not drop silently on upcall deferral. (bnc#767766) - knfsd: svcrpc: remove another silent drop from deferral code. (bnc#767766) - sunrpc/cache: simplify cache_fresh_locked and cache_fresh_unlocked. (bnc#767766) - sunrpc/cache: recheck cache validity after cache_defer_req. (bnc#767766) - sunrpc/cache: use list_del_init for the list_head entries in cache_deferred_req. (bnc#767766) - sunrpc/cache: avoid variable over-loading in cache_defer_req. (bnc#767766) - sunrpc/cache: allow thread to block while waiting for cache update. (bnc#767766) - sunrpc/cache: Fix race in sunrpc/cache introduced by patch to allow thread to block while waiting for cache update. (bnc#767766) - sunrpc/cache: Another fix for race problem with sunrpc cache deferal. (bnc#767766) - knfsd: nfsd: make all exp_finding functions return -errnos on err. (bnc#767766) - Fix kabi breakage in previous nfsd patch series. (bnc#767766) - nfsd: Work around incorrect return type for wait_for_completion_interruptible_timeout. (bnc#767766) - nfs: Fix a potential file corruption issue when writing. (bnc#773272) - nfs: Allow sync writes to be multiple pages. (bnc#763526) - nfs: fix reference counting for NFSv4 callback thread. (bnc#767504) - nfs: flush signals before taking down callback thread. (bnc#767504) - nfsv4: Ensure nfs_callback_down() calls svc_destroy() (bnc#767504). SCSI : - SCSI/ch: Check NULL for kmalloc() return. (bnc#783058) - drivers/scsi/aic94xx/aic94xx_init.c: correct the size argument to kmalloc. (bnc#783058) - block: fail SCSI passthrough ioctls on partition devices. (bnc#738400) - dm: do not forward ioctls from logical volumes to the underlying device. (bnc#738400) - vmware: Fix VMware hypervisor detection (bnc#777575, bnc#770507). S/390 : - lgr: Make lgr_page static (bnc#772409,LTC#83520). - zfcp: Fix oops in _blk_add_trace() (bnc#772409,LTC#83510). - kernel: Add z/VM LGR detection (bnc#767277,LTC#RAS1203). - be2net: Fix EEH error reset before a flash dump completes. (bnc#755546) - mptfusion: fix msgContext in mptctl_hp_hostinfo. (bnc#767939) - PCI: Fix bus resource assignment on 32 bits with 64b resources. . (bnc#762581) - PCI: fix up setup-bus.c #ifdef. (bnc#762581) - x86: powernow-k8: Fix indexing issue. (bnc#758985) - net: Fix race condition about network device name allocation. (bnc#747576) XEN : - smpboot: adjust ordering of operations. - xen/x86-64: provide a memset() that can deal with 4Gb or above at a time. (bnc#738528) - xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53. (bnc#760974) - xen/gntdev: fix multi-page slot allocation. (bnc#760974)
last seen	2020-06-05
modified	2012-10-24
plugin id	62676
published	2012-10-24
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62676
title	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8325)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-0333.NASL
description	Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important) * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. (CVE-2011-2918, Moderate) * A local, unprivileged user could use flaws in the XFS file system implementation to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, CVE-2012-0038, Moderate) * A local, unprivileged user could use a flaw in the Out of Memory (OOM) killer to monopolize memory, have their process skipped by the OOM killer, or cause other tasks to be terminated. (CVE-2011-4097, Moderate) * A local, unprivileged user could use a flaw in the key management facility to cause a denial of service. (CVE-2011-4110, Moderate) * A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A local attacker could use a flaw in the Journaling Block Device (JBD) to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in igmp_heard_query() could allow an attacker, who is able to send certain IGMP (Internet Group Management Protocol) packets to a target system, to cause a denial of service. (CVE-2012-0207, Moderate) * If lock contention during signal sending occurred when in a software interrupt handler that is using the per-CPU debug stack, the task could be scheduled out on the realtime kernel, possibly leading to debug stack corruption. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-0810, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Wang Xi for reporting CVE-2012-0038; Shubham Goyal for reporting CVE-2011-4097; Andy Adamson for reporting CVE-2011-4131; and Simon McVittie for reporting CVE-2012-0207. Bug fixes : * When a sleeping task, waiting on a futex (fast userspace mutex), tried to get the spin_lock(hb->lock) RT-mutex, if the owner of the futex released the lock, the sleeping task was put on a futex proxy lock. Consequently, the sleeping task was blocked on two locks and eventually terminated in the BUG_ON() function. With this update, the WAKEUP_INPROGRESS pseudo-lock has been added to be used as a proxy lock. This pseudo-lock tells the sleeping task that it is being woken up so that the task no longer tries to get the second lock. Now, the futex code works as expected and sleeping tasks no longer crash in the described scenario. (BZ#784733) * When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario. (BZ#786145) * Previously, when a read operation on a loop device failed, the data successfully read from the device was not cleared and could eventually leak. This bug has been fixed and all data are now properly cleared in the described scenario. (BZ#761420) * Due to an assembler-sourced object, the perf utility (from the perf-rt package) for AMD64 and Intel 64 architectures contained an executable stack. This update adds the
last seen	2020-06-01
modified	2020-06-02
plugin id	76639
published	2014-07-22
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76639
title	RHEL 6 : MRG (RHSA-2012:0333)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-1479.NASL
description	Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important) * A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	56974
published	2011-11-30
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/56974
title	RHEL 5 : kernel (RHSA-2011:1479)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-16621.NASL
description	Update from kernel 3.1.1 to 3.1.4 : - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3. 1.4 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog- 3.1.3 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog- 3.1.2 Additional changes : - Fix virtualbox: use a different method to fake version 2.6.4X - Partially fix reported stalls during heavy I/O - Fix problems with udev probing Wacom bluetooth tablets - Fix a Nouveau bug (#751753) reported against F16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57076
published	2011-12-12
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57076
title	Fedora 15 : kernel-2.6.41.4-1.fc15 (2011-16621)

NASL family	SuSE Local Security Checks
NASL id	SUSE_KERNEL-8324.NASL
description	This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : - kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password (a side channel attack). (CVE-2011-2494) - net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel, when the nf_conntrack_ipv6 module is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. (CVE-2012-2744) - Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. (CVE-2012-3510) - The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and updating a negative key into a fully instantiated key. (CVE-2011-4110) - The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel did not initialize a certain response buffer, which allowed local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. (CVE-2011-1044) - Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. (CVE-2012-3400) - The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. (CVE-2012-2136) - A small denial of service leak in dropping syn+fin messages was fixed. (CVE-2012-2663) The following non-security issues have been fixed : Packaging : - kbuild: Fix gcc -x syntax (bnc#773831). NFS : - knfsd: An assortment of little fixes to the sunrpc cache code. (bnc#767766) - knfsd: Unexport cache_fresh and fix a small race. (bnc#767766) - knfsd: nfsd: do not drop silently on upcall deferral. (bnc#767766) - knfsd: svcrpc: remove another silent drop from deferral code. (bnc#767766) - sunrpc/cache: simplify cache_fresh_locked and cache_fresh_unlocked. (bnc#767766) - sunrpc/cache: recheck cache validity after cache_defer_req. (bnc#767766) - sunrpc/cache: use list_del_init for the list_head entries in cache_deferred_req. (bnc#767766) - sunrpc/cache: avoid variable over-loading in cache_defer_req. (bnc#767766) - sunrpc/cache: allow thread to block while waiting for cache update. (bnc#767766) - sunrpc/cache: Fix race in sunrpc/cache introduced by patch to allow thread to block while waiting for cache update. (bnc#767766) - sunrpc/cache: Another fix for race problem with sunrpc cache deferal. (bnc#767766) - knfsd: nfsd: make all exp_finding functions return -errnos on err. (bnc#767766) - Fix kabi breakage in previous nfsd patch series. (bnc#767766) - nfsd: Work around incorrect return type for wait_for_completion_interruptible_timeout. (bnc#767766) - nfs: Fix a potential file corruption issue when writing. (bnc#773272) - nfs: Allow sync writes to be multiple pages. (bnc#763526) - nfs: fix reference counting for NFSv4 callback thread. (bnc#767504) - nfs: flush signals before taking down callback thread. (bnc#767504) - nfsv4: Ensure nfs_callback_down() calls svc_destroy() (bnc#767504). SCSI : - SCSI/ch: Check NULL for kmalloc() return. (bnc#783058) - drivers/scsi/aic94xx/aic94xx_init.c: correct the size argument to kmalloc. (bnc#783058) - block: fail SCSI passthrough ioctls on partition devices. (bnc#738400) - dm: do not forward ioctls from logical volumes to the underlying device. (bnc#738400) - vmware: Fix VMware hypervisor detection (bnc#777575, bnc#770507). S/390 : - lgr: Make lgr_page static (bnc#772409,LTC#83520). - zfcp: Fix oops in _blk_add_trace() (bnc#772409,LTC#83510). - kernel: Add z/VM LGR detection (bnc#767277,LTC#RAS1203). - be2net: Fix EEH error reset before a flash dump completes. (bnc#755546) - mptfusion: fix msgContext in mptctl_hp_hostinfo. (bnc#767939) - PCI: Fix bus resource assignment on 32 bits with 64b resources. . (bnc#762581) - PCI: fix up setup-bus.c #ifdef. (bnc#762581) - x86: powernow-k8: Fix indexing issue. (bnc#758985) - net: Fix race condition about network device name allocation. (bnc#747576) XEN : - smpboot: adjust ordering of operations. - xen/x86-64: provide a memset() that can deal with 4Gb or above at a time. (bnc#738528) - xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53. (bnc#760974) - xen/gntdev: fix multi-page slot allocation. (bnc#760974)
last seen	2020-06-05
modified	2012-10-24
plugin id	62675
published	2012-10-24
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62675
title	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8324)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_KERNEL-120130.NASL
description	The SUSE Linux Enterprise 11 SP1 kernel was updated to 2.6.32.54, fixing lots of bugs and security issues. The following security issues have been fixed : - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. (CVE-2011-4110) - Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. (CVE-2011-4081) - Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077) - A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038) - A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132) - Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g. guessing passwords by typing speed). (CVE-2011-2494) - When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-3873) - When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-4164) - A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed. The following non-security issues have been fixed:. (CVE-2011-2699) - elousb: Fixed bug in USB core API usage, code cleanup. (bnc#733863) - cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry. (bnc#735453) - cifs: set server_eof in cifs_fattr_to_inode. (bnc#735453) - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink(). (bnc#726600) - block: add and use scsi_blk_cmd_ioctl. (bnc#738400 / CVE-2011-4127) - block: fail SCSI passthrough ioctls on partition devices. (bnc#738400 / CVE-2011-4127) - dm: do not forward ioctls from logical volumes to the underlying device. (bnc#738400 / CVE-2011-4127) - Silence some warnings about ioctls on partitions. - netxen: Remove all references to unified firmware file. (bnc#708625) - bonding: send out gratuitous arps even with no address configured. (bnc#742270) - patches.fixes/ocfs2-serialize_unaligned_aio.patch: ocfs2: serialize unaligned aio. (bnc#671479) - patches.fixes/bonding-check-if-clients-MAC-addr-has-chan ged.patch: Update references. (bnc#729854, bnc#731004) - xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time. - ipmi: reduce polling when interrupts are available. (bnc#740867) - ipmi: reduce polling. (bnc#740867) - Linux 2.6.32.54. - export shrink_dcache_for_umount_subtree. - patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem. (bnc#736018) - PM / Sleep: Fix race between CPU hotplug and freezer. (bnc#740535) - jbd: Issue cache flush after checkpointing. (bnc#731770) - lpfc: make sure job exists when processing BSG. (bnc#735635) - Linux 2.6.32.53. - blktap: fix locking (again). (bnc#724734) - xen: Update Xen patches to 2.6.32.52. - Linux 2.6.32.52. - Linux 2.6.32.51. - Linux 2.6.32.50. - reiserfs: Lock buffers unconditionally in reiserfs_write_full_page(). (bnc#716023) - writeback: Include all dirty inodes in background writeback. (bnc#716023) - reiserfs: Fix quota mount option parsing. (bnc#728626) - bonding: check if clients MAC addr has changed. (bnc#729854) - rpc client can not deal with ENOSOCK, so translate it into ENOCONN. (bnc#733146) - st: modify tape driver to allow writing immediate filemarks. (bnc#688996) - xfs: fix for xfssyncd failure to wake. (bnc#722910) - ipmi: Fix deadlock in start_next_msg(). - net: bind() fix error return on wrong address family. (bnc#735216) - net: ipv4: relax AF_INET check in bind(). (bnc#735216) - net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs. (bnc#735216) - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported. (bnc#732296) - percpu: fix chunk range calculation. (bnc#668872) - x86, UV: Fix kdump reboot. (bnc#735446) - dm: Use done_bytes for io_completion. (bnc#711378) - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported. (bnc#732296) - Bluetooth: Add Atheros AR3012 one PID/VID supported. (bnc#732296) - fix missing hunk in oplock break patch. (bnc#706973) - patches.arch/s390-34-01-pfault-cpu-hotplug.patch: Refresh. Surrounded s390x lowcore change with __GENKSYMS__. (bnc#728339) - patches.xen/xen3-patch-2.6.30: Refresh. - sched, x86: Avoid unnecessary overflow in sched_clock. (bnc#725709) - ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.
last seen	2020-06-05
modified	2012-02-07
plugin id	57854
published	2012-02-07
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57854
title	SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1324-1.NASL
description	Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57496
published	2012-01-12
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57496
title	Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1324-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2012-1391-1.NASL
description	This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password (a side channel attack). CVE-2012-2744: net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel, when the nf_conntrack_ipv6 module is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and updating a negative key into a fully instantiated key. CVE-2011-1044: The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel did not initialize a certain response buffer, which allowed local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. CVE-2012-2136: The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. CVE-2012-2663: A small denial of service leak in dropping syn+fin messages was fixed. The following non-security issues have been fixed : Packaging : - kbuild: Fix gcc -x syntax (bnc#773831). NFS : - knfsd: An assortment of little fixes to the sunrpc cache code (bnc#767766). - knfsd: Unexport cache_fresh and fix a small race (bnc#767766). - knfsd: nfsd: do not drop silently on upcall deferral (bnc#767766). - knfsd: svcrpc: remove another silent drop from deferral code (bnc#767766). - sunrpc/cache: simplify cache_fresh_locked and cache_fresh_unlocked (bnc#767766). - sunrpc/cache: recheck cache validity after cache_defer_req (bnc#767766). - sunrpc/cache: use list_del_init for the list_head entries in cache_deferred_req (bnc#767766). - sunrpc/cache: avoid variable over-loading in cache_defer_req (bnc#767766). - sunrpc/cache: allow thread to block while waiting for cache update (bnc#767766). - sunrpc/cache: Fix race in sunrpc/cache introduced by patch to allow thread to block while waiting for cache update (bnc#767766). - sunrpc/cache: Another fix for race problem with sunrpc cache deferal (bnc#767766). - knfsd: nfsd: make all exp_finding functions return -errnos on err (bnc#767766). - Fix kabi breakage in previous nfsd patch series (bnc#767766). - nfsd: Work around incorrect return type for wait_for_completion_interruptible_timeout (bnc#767766). - nfs: Fix a potential file corruption issue when writing (bnc#773272). - nfs: Allow sync writes to be multiple pages (bnc#763526). - nfs: fix reference counting for NFSv4 callback thread (bnc#767504). - nfs: flush signals before taking down callback thread (bnc#767504). - nfsv4: Ensure nfs_callback_down() calls svc_destroy() (bnc#767504). SCSI : - SCSI/ch: Check NULL for kmalloc() return (bnc#783058). drivers/scsi/aic94xx/aic94xx_init.c: correct the size argument to kmalloc (bnc#783058). block: fail SCSI passthrough ioctls on partition devices (bnc#738400). dm: do not forward ioctls from logical volumes to the underlying device (bnc#738400). vmware: Fix VMware hypervisor detection (bnc#777575, bnc#770507). S/390 : - lgr: Make lgr_page static (bnc#772409,LTC#83520). - zfcp: Fix oops in _blk_add_trace() (bnc#772409,LTC#83510). kernel: Add z/VM LGR detection (bnc#767277,LTC#RAS1203). be2net: Fix EEH error reset before a flash dump completes (bnc#755546). - mptfusion: fix msgContext in mptctl_hp_hostinfo (bnc#767939). - PCI: Fix bus resource assignment on 32 bits with 64b resources. (bnc#762581) - PCI: fix up setup-bus.c #ifdef. (bnc#762581) x86: powernow-k8: Fix indexing issue (bnc#758985). net: Fix race condition about network device name allocation (bnc#747576). XEN : - smpboot: adjust ordering of operations. - xen/x86-64: provide a memset() that can deal with 4Gb or above at a time (bnc#738528). - xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53 (bnc#760974). - xen/gntdev: fix multi-page slot allocation (bnc#760974). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-05-20
plugin id	83563
published	2015-05-20
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/83563
title	SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2012:1391-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1340-1.NASL
description	Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem
last seen	2020-06-01
modified	2020-06-02
plugin id	57664
published	2012-01-24
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57664
title	Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1340-1)

NASL family	Misc.
NASL id	VMWARE_VMSA-2012-0013_REMOTE.NASL
description	The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
last seen	2020-06-01
modified	2020-06-02
plugin id	89038
published	2016-02-29
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89038
title	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1323-1.NASL
description	Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	57495
published	2012-01-12
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57495
title	Ubuntu 8.04 LTS : linux vulnerabilities (USN-1323-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1341-1.NASL
description	Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759) Ben Hutchings reported a flaw in the kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	57665
published	2012-01-24
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57665
title	Ubuntu 10.10 : linux vulnerabilities (USN-1341-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2013-1832-1.NASL
description	The SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up update to fix lots of moderate security issues and several bugs. The Following security issues have been fixed : CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password. CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. CVE-2013-0160: The Linux kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application. CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6546: The ATM implementation in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel memory via a crafted application. CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel had an incorrect return value in certain circumstances, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. CVE-2011-2492: The bluetooth subsystem in the Linux kernel did not properly initialize certain data structures, which allowed local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel on unspecified architectures lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and
last seen	2020-06-05
modified	2015-05-20
plugin id	83603
published	2015-05-20
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/83603
title	SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-0116.NASL
description	Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate) * A missing validation flaw was found in the Linux kernel
last seen	2020-04-12
modified	2013-01-24
plugin id	64027
published	2013-01-24
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64027
title	RHEL 6 : kernel (RHSA-2012:0116)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_KERNEL-120129.NASL
description	The SUSE Linux Enterprise 11 SP1 kernel has been updated to 2.6.32.54, fixing numerous bugs and security issues. The following security issues have been fixed : - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel. (CVE-2011-4110) - Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel. (CVE-2011-4081) - Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077) - A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038) - A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132) - Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g. guessing passwords by typing speed). (CVE-2011-2494) - When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-3873) - When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-4164) - A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed. (CVE-2011-2699) The following non-security issues have been fixed (excerpt from changelog) : - elousb: Fixed bug in USB core API usage, code cleanup. - cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry. - cifs: set server_eof in cifs_fattr_to_inode. - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink(). - Silence some warnings about ioctls on partitions. - netxen: Remove all references to unified firmware file. - bonding: send out gratuitous arps even with no address configured. - patches.fixes/ocfs2-serialize_unaligned_aio.patch: ocfs2: serialize unaligned aio. - patches.fixes/bonding-check-if-clients-MAC-addr-has-chan ged.patch: Update references. - xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time. - ipmi: reduce polling when interrupts are available. - ipmi: reduce polling. - export shrink_dcache_for_umount_subtree. - patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem. - PM / Sleep: Fix race between CPU hotplug and freezer. - jbd: Issue cache flush after checkpointing. - lpfc: make sure job exists when processing BSG. - blktap: fix locking (again). - xen: Update Xen patches to 2.6.32.52. - reiserfs: Lock buffers unconditionally in reiserfs_write_full_page(). - writeback: Include all dirty inodes in background writeback. - reiserfs: Fix quota mount option parsing. - bonding: check if clients MAC addr has changed. - rpc client can not deal with ENOSOCK, so translate it into ENOCONN. - st: modify tape driver to allow writing immediate filemarks. - xfs: fix for xfssyncd failure to wake. - ipmi: Fix deadlock in start_next_msg(). - net: bind() fix error return on wrong address family. - net: ipv4: relax AF_INET check in bind(). - net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs. - Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported. - percpu: fix chunk range calculation. - x86, UV: Fix kdump reboot. - dm: Use done_bytes for io_completion. - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported. - Bluetooth: Add Atheros AR3012 one PID/VID supported. - fix missing hunk in oplock break patch. - patches.arch/s390-34-01-pfault-cpu-hotplug.patch: Refresh. - Surrounded s390x lowcore change with __GENKSYMS__ - patches.xen/xen3-patch-2.6.30: Refresh. - sched, x86: Avoid unnecessary overflow in sched_clock. - ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.
last seen	2020-06-05
modified	2012-02-07
plugin id	57853
published	2012-02-07
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57853
title	SuSE 11.1 Security Update : Linux Kernel (SAT Patch Numbers 5723 / 5725)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1336-1.NASL
description	Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem
last seen	2020-06-01
modified	2020-06-02
plugin id	57660
published	2012-01-24
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57660
title	Ubuntu 11.10 : linux vulnerability (USN-1336-1)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2011-1479.NASL
description	From Red Hat Security Advisory 2011:1479 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important) * A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	68394
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68394
title	Oracle Linux 5 : kernel (ELSA-2011-1479)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1332-1.NASL
description	Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759) Ben Hutchings reported a flaw in the kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	57535
published	2012-01-13
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57535
title	Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1332-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-16237.NASL
description	Update to kernel 3.1.2: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.2 Additional changes : - Partially fix reported stalls during heavy I/O - Fix problems with udev probing Wacom bluetooth tablets Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	56941
published	2011-11-26
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/56941
title	Fedora 16 : kernel-3.1.2-1.fc16 (2011-16237)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2011-2037.NASL
description	The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
last seen	2020-06-01
modified	2020-06-02
plugin id	68425
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68425
title	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2037)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20111129_KERNEL_ON_SL5_X.NASL
description	The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting.(CVE-2011-1898, Important) - A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate) - A NULL pointer dereference flaw was found in the way the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	61181
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61181
title	Scientific Linux Security Update : kernel on SL5.x i386/x86_64

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-16346.NASL
description	and CVE-2011-4110 Fix CVE-2011-4326 and CVE-2011-4132 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	56967
published	2011-11-29
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/56967
title	Fedora 14 : kernel-2.6.35.14-106.fc14 (2011-16346)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2011-1530.NASL
description	Updated kernel packages that fix multiple security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the second regular update. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate) * A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with access to mount and unmount ext4 file systems could use this flaw to cause a denial of service. (CVE-2011-3638, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	57012
published	2011-12-06
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/57012
title	RHEL 6 : kernel (RHSA-2011:1530)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-0010.NASL
description	Updated kernel-rt packages that fix several security issues and two bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important) * The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on were handled could allow a remote attacker to cause a denial of service. (CVE-2011-4326, Important) * GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate) * IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate) * A flaw in the FUSE (Filesystem in Userspace) implementation could allow a local user in the fuse group who has access to mount a FUSE file system to cause a denial of service. (CVE-2011-3353, Moderate) * A flaw in the b43 driver. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate) * A flaw in the way CIFS shares with DFS referrals at their root were handled could allow an attacker on the local network, who is able to deploy a malicious CIFS server, to create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate) * A flaw in the m_stop() implementation could allow a local, unprivileged user to trigger a denial of service. (CVE-2011-3637, Moderate) * Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate) * A flaw in the key management facility could allow a local, unprivileged user to cause a denial of service via the keyctl utility. (CVE-2011-4110, Moderate) * A flaw in the Journaling Block Device (JBD) could allow a local attacker to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low) * I/O statistics from the taskstats subsystem could be read without any restrictions, which could allow a local, unprivileged user to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low) * Flaws in tpacket_rcv() and packet_recvmsg() could allow a local, unprivileged user to leak information to user-space. (CVE-2011-2898, Low) Red Hat would like to thank Darren Lavender for reporting CVE-2011-3191; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494. This update also fixes the following bugs : * Previously, a mismatch in the build-id of the kernel-rt and the one in the related debuginfo package caused failures in SystemTap and perf. (BZ#768413) * IBM x3650m3 systems were not able to boot the MRG Realtime kernel because they require a pmcraid driver that was not available. The pmcraid driver is included in this update. (BZ#753992) Users should upgrade to these updated packages, which correct these issues. The system must be rebooted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	76635
published	2014-07-22
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76635
title	RHEL 6 : MRG (RHSA-2012:0010)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2011-26.NASL
description	IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
last seen	2020-06-01
modified	2020-06-02
plugin id	69585
published	2013-09-04
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/69585
title	Amazon Linux AMI : kernel (ALAS-2011-26)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1319-1.NASL
description	Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)
last seen	2020-06-01
modified	2020-06-02
plugin id	57448
published	2012-01-06
reporter	Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57448
title	USN-1319-1 : linux-ti-omap4 vulnerabilities

Redhat

advisories

bugzilla

id	751297
title	CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

comment kernel earlier than 0:2.6.18-274.12.1.el5 is currently running
oval oval:com.redhat.rhsa:tst:20111479025
comment kernel earlier than 0:2.6.18-274.12.1.el5 is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20111479026

AND
comment kernel-doc is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479001
comment kernel-doc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314002

AND

comment kernel-xen-devel is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479003
comment kernel-xen-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314020

AND

comment kernel-headers is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479005
comment kernel-headers is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314006

AND
comment kernel is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479007
comment kernel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314008

AND

comment kernel-debug-devel is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479009
comment kernel-debug-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314004

AND
comment kernel-xen is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479011
comment kernel-xen is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314018
AND
comment kernel-devel is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479013
comment kernel-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314016
AND
comment kernel-debug is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479015
comment kernel-debug is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314014

AND

comment kernel-PAE-devel is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479017
comment kernel-PAE-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314022

AND
comment kernel-PAE is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479019
comment kernel-PAE is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314024

AND

comment kernel-kdump-devel is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479021
comment kernel-kdump-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314012

AND
comment kernel-kdump is earlier than 0:2.6.18-274.12.1.el5
oval oval:com.redhat.rhsa:tst:20111479023
comment kernel-kdump is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314010

rhsa

id	RHSA-2011:1479
released	2011-11-29
severity	Important
title	RHSA-2011:1479: kernel security, bug fix, and enhancement update (Important)

bugzilla

id	751297
title	CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

comment kernel earlier than 0:2.6.32-220.el6 is currently running
oval oval:com.redhat.rhsa:tst:20111530025
comment kernel earlier than 0:2.6.32-220.el6 is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20111530026

AND
comment kernel-doc is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530001
comment kernel-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842002

AND

comment kernel-firmware is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530003
comment kernel-firmware is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842004

AND

comment kernel-debug-devel is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530005
comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842008

AND
comment kernel is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530007
comment kernel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842012
AND
comment perf is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530009
comment perf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842006
AND
comment kernel-headers is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530011
comment kernel-headers is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842010
AND
comment kernel-devel is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530013
comment kernel-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842016
AND
comment kernel-debug is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530015
comment kernel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842014

AND

comment kernel-bootwrapper is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530017
comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842018

AND

comment kernel-kdump-devel is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530019
comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842022

AND
comment kernel-kdump is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530021
comment kernel-kdump is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842020
AND
comment python-perf is earlier than 0:2.6.32-220.el6
oval oval:com.redhat.rhsa:tst:20111530023
comment python-perf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111530024

rhsa

id	RHSA-2011:1530
released	2011-12-05
severity	Moderate
title	RHSA-2011:1530: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update (Moderate)

rpms

kernel-0:2.6.18-274.12.1.el5
kernel-PAE-0:2.6.18-274.12.1.el5
kernel-PAE-debuginfo-0:2.6.18-274.12.1.el5
kernel-PAE-devel-0:2.6.18-274.12.1.el5
kernel-debug-0:2.6.18-274.12.1.el5
kernel-debug-debuginfo-0:2.6.18-274.12.1.el5
kernel-debug-devel-0:2.6.18-274.12.1.el5
kernel-debuginfo-0:2.6.18-274.12.1.el5
kernel-debuginfo-common-0:2.6.18-274.12.1.el5
kernel-devel-0:2.6.18-274.12.1.el5
kernel-doc-0:2.6.18-274.12.1.el5
kernel-headers-0:2.6.18-274.12.1.el5
kernel-kdump-0:2.6.18-274.12.1.el5
kernel-kdump-debuginfo-0:2.6.18-274.12.1.el5
kernel-kdump-devel-0:2.6.18-274.12.1.el5
kernel-xen-0:2.6.18-274.12.1.el5
kernel-xen-debuginfo-0:2.6.18-274.12.1.el5
kernel-xen-devel-0:2.6.18-274.12.1.el5
kernel-0:2.6.32-220.el6
kernel-bootwrapper-0:2.6.32-220.el6
kernel-debug-0:2.6.32-220.el6
kernel-debug-debuginfo-0:2.6.32-220.el6
kernel-debug-devel-0:2.6.32-220.el6
kernel-debuginfo-0:2.6.32-220.el6
kernel-debuginfo-common-i686-0:2.6.32-220.el6
kernel-debuginfo-common-ppc64-0:2.6.32-220.el6
kernel-debuginfo-common-s390x-0:2.6.32-220.el6
kernel-debuginfo-common-x86_64-0:2.6.32-220.el6
kernel-devel-0:2.6.32-220.el6
kernel-doc-0:2.6.32-220.el6
kernel-firmware-0:2.6.32-220.el6
kernel-headers-0:2.6.32-220.el6
kernel-kdump-0:2.6.32-220.el6
kernel-kdump-debuginfo-0:2.6.32-220.el6
kernel-kdump-devel-0:2.6.32-220.el6
perf-0:2.6.32-220.el6
perf-debuginfo-0:2.6.32-220.el6
python-perf-0:2.6.32-220.el6
kernel-rt-0:2.6.33.9-rt31.79.el6rt
kernel-rt-debug-0:2.6.33.9-rt31.79.el6rt
kernel-rt-debug-debuginfo-0:2.6.33.9-rt31.79.el6rt
kernel-rt-debug-devel-0:2.6.33.9-rt31.79.el6rt
kernel-rt-debuginfo-0:2.6.33.9-rt31.79.el6rt
kernel-rt-debuginfo-common-x86_64-0:2.6.33.9-rt31.79.el6rt
kernel-rt-devel-0:2.6.33.9-rt31.79.el6rt
kernel-rt-doc-0:2.6.33.9-rt31.79.el6rt
kernel-rt-firmware-0:2.6.33.9-rt31.79.el6rt
kernel-rt-trace-0:2.6.33.9-rt31.79.el6rt
kernel-rt-trace-debuginfo-0:2.6.33.9-rt31.79.el6rt
kernel-rt-trace-devel-0:2.6.33.9-rt31.79.el6rt
kernel-rt-vanilla-0:2.6.33.9-rt31.79.el6rt
kernel-rt-vanilla-debuginfo-0:2.6.33.9-rt31.79.el6rt
kernel-rt-vanilla-devel-0:2.6.33.9-rt31.79.el6rt
kernel-0:2.6.32-131.25.1.el6
kernel-bootwrapper-0:2.6.32-131.25.1.el6
kernel-debug-0:2.6.32-131.25.1.el6
kernel-debug-debuginfo-0:2.6.32-131.25.1.el6
kernel-debug-devel-0:2.6.32-131.25.1.el6
kernel-debuginfo-0:2.6.32-131.25.1.el6
kernel-debuginfo-common-i686-0:2.6.32-131.25.1.el6
kernel-debuginfo-common-ppc64-0:2.6.32-131.25.1.el6
kernel-debuginfo-common-s390x-0:2.6.32-131.25.1.el6
kernel-debuginfo-common-x86_64-0:2.6.32-131.25.1.el6
kernel-devel-0:2.6.32-131.25.1.el6
kernel-doc-0:2.6.32-131.25.1.el6
kernel-firmware-0:2.6.32-131.25.1.el6
kernel-headers-0:2.6.32-131.25.1.el6
kernel-kdump-0:2.6.32-131.25.1.el6
kernel-kdump-debuginfo-0:2.6.32-131.25.1.el6
kernel-kdump-devel-0:2.6.32-131.25.1.el6
perf-0:2.6.32-131.25.1.el6
perf-debuginfo-0:2.6.32-131.25.1.el6
kernel-rt-0:3.0.18-rt34.53.el6rt
kernel-rt-debug-0:3.0.18-rt34.53.el6rt
kernel-rt-debug-debuginfo-0:3.0.18-rt34.53.el6rt
kernel-rt-debug-devel-0:3.0.18-rt34.53.el6rt
kernel-rt-debuginfo-0:3.0.18-rt34.53.el6rt
kernel-rt-debuginfo-common-x86_64-0:3.0.18-rt34.53.el6rt
kernel-rt-devel-0:3.0.18-rt34.53.el6rt
kernel-rt-doc-0:3.0.18-rt34.53.el6rt
kernel-rt-firmware-0:3.0.18-rt34.53.el6rt
kernel-rt-trace-0:3.0.18-rt34.53.el6rt
kernel-rt-trace-debuginfo-0:3.0.18-rt34.53.el6rt
kernel-rt-trace-devel-0:3.0.18-rt34.53.el6rt
kernel-rt-vanilla-0:3.0.18-rt34.53.el6rt
kernel-rt-vanilla-debuginfo-0:3.0.18-rt34.53.el6rt
kernel-rt-vanilla-devel-0:3.0.18-rt34.53.el6rt

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 50755 CVE ID: CVE-2011-4110 Linux Kernel在处理用户定义的键类型上存在空指针引用拒绝服务漏洞，攻击者可利用此漏洞使受影响计算机崩溃。 Linux kernel 2.6.x 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.kernel.org/
id	SSV:24263
last seen	2017-11-19
modified	2011-11-29
published	2011-11-29
reporter	Root
title	Linux kernel 2.6.x空指针引用拒绝服务漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

Seebug

References