Vulnerabilities > CVE-2011-4326 - Resource Management Errors vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.

Vulnerable Configurations

Part Description Count
OS
Linux
1284
OS
Avaya
1
Hardware
Avaya
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1302-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57303
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57303
    titleUSN-1302-1 : linux-ti-omap4 vulnerabilities
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1302-1.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57303);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2016/12/01 20:56:51 $");
    
     script_cve_id("CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330");
      script_xref(name:"USN", value:"1302-1");
    
      script_name(english:"USN-1302-1 : linux-ti-omap4 vulnerabilities");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "A bug was discovered in the XFS filesystem's handling of pathnames. A
    local attacker could exploit this to crash the system, leading to a
    denial of service, or gain root privileges. (CVE-2011-4077)
    
    Nick Bowler discovered the kernel GHASH message digest algorithm
    incorrectly handled error conditions. A local attacker could exploit
    this to cause a kernel oops. (CVE-2011-4081)
    
    A flaw was found in the Journaling Block Device (JBD). A local
    attacker able to mount ext3 or ext4 file systems could exploit this
    to crash the system, leading to a denial of service. (CVE-2011-4132)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw
    to crash the system. (CVE-2011-4326)
    
    Clement Lecigne discovered a bug in the HFS file system bounds
    checking. When a malformed HFS file system is mounted a local user
    could crash the system or gain root privileges. (CVE-2011-4330)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1302-1/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/13");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/14");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-903-omap4", pkgver:"2.6.35-903.28")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1304-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57305
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57305
    titleUSN-1304-1 : linux-ti-omap4 vulnerabilities
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1304-1.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57305);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2016/12/01 20:56:51 $");
    
     script_cve_id("CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4087", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330");
      script_xref(name:"USN", value:"1304-1");
    
      script_name(english:"USN-1304-1 : linux-ti-omap4 vulnerabilities");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "A bug was discovered in the XFS filesystem's handling of pathnames. A
    local attacker could exploit this to crash the system, leading to a
    denial of service, or gain root privileges. (CVE-2011-4077)
    
    Nick Bowler discovered the kernel GHASH message digest algorithm
    incorrectly handled error conditions. A local attacker could exploit
    this to cause a kernel oops. (CVE-2011-4081)
    
    Scot Doyle discovered that the bridge networking interface
    incorrectly handled certain network packets. A remote attacker could
    exploit this to crash the system, leading to a denial of service.
    (CVE-2011-4087)
    
    A flaw was found in the Journaling Block Device (JBD). A local
    attacker able to mount ext3 or ext4 file systems could exploit this
    to crash the system, leading to a denial of service. (CVE-2011-4132)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw
    to crash the system. (CVE-2011-4326)
    
    Clement Lecigne discovered a bug in the HFS file system bounds
    checking. When a malformed HFS file system is mounted a local user
    could crash the system or gain root privileges. (CVE-2011-4330)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1304-1/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/13");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/14");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-1209-omap4", pkgver:"2.6.38-1209.18")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1465.NASL
    descriptionFrom Red Hat Security Advisory 2011:1465 : Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id68393
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68393
    titleOracle Linux 6 : kernel (ELSA-2011-1465)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2011:1465 and 
    # Oracle Linux Security Advisory ELSA-2011-1465 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68393);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:09");
    
      script_cve_id("CVE-2011-1162", "CVE-2011-1577", "CVE-2011-2494", "CVE-2011-2699", "CVE-2011-2905", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3359", "CVE-2011-3363", "CVE-2011-3593", "CVE-2011-4326");
      script_bugtraq_id(47343, 48802, 49140, 49289, 49295, 49527, 49626, 49629, 50314, 50751);
      script_xref(name:"RHSA", value:"2011:1465");
    
      script_name(english:"Oracle Linux 6 : kernel (ELSA-2011-1465)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2011:1465 :
    
    Updated kernel packages that fix multiple security issues and various
    bugs are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * IPv6 fragment identification value generation could allow a remote
    attacker to disrupt a target system's networking, preventing
    legitimate users from accessing its services. (CVE-2011-2699,
    Important)
    
    * A signedness issue was found in the Linux kernel's CIFS (Common
    Internet File System) implementation. A malicious CIFS server could
    send a specially crafted response to a directory read request that
    would result in a denial of service or privilege escalation on a
    system that has a CIFS share mounted. (CVE-2011-3191, Important)
    
    * A flaw was found in the way the Linux kernel handled fragmented IPv6
    UDP datagrams over the bridge with UDP Fragmentation Offload (UFO)
    functionality on. A remote attacker could use this flaw to cause a
    denial of service. (CVE-2011-4326, Important)
    
    * The way IPv4 and IPv6 protocol sequence numbers and fragment IDs
    were generated could allow a man-in-the-middle attacker to inject
    packets and possibly hijack connections. Protocol sequence numbers and
    fragment IDs are now more random. (CVE-2011-3188, Moderate)
    
    * A buffer overflow flaw was found in the Linux kernel's FUSE
    (Filesystem in Userspace) implementation. A local user in the fuse
    group who has access to mount a FUSE file system could use this flaw
    to cause a denial of service. (CVE-2011-3353, Moderate)
    
    * A flaw was found in the b43 driver in the Linux kernel. If a system
    had an active wireless interface that uses the b43 driver, an attacker
    able to send a specially crafted frame to that interface could cause a
    denial of service. (CVE-2011-3359, Moderate)
    
    * A flaw was found in the way CIFS shares with DFS referrals at their
    root were handled. An attacker on the local network who is able to
    deploy a malicious CIFS server could create a CIFS network share that,
    when mounted, would cause the client system to crash. (CVE-2011-3363,
    Moderate)
    
    * A flaw was found in the way the Linux kernel handled VLAN 0 frames
    with the priority tag set. When using certain network drivers, an
    attacker on the local network could use this flaw to cause a denial of
    service. (CVE-2011-3593, Moderate)
    
    * A flaw in the way memory containing security-related data was
    handled in tpm_read() could allow a local, unprivileged user to read
    the results of a previously run TPM command. (CVE-2011-1162, Low)
    
    * A heap overflow flaw was found in the Linux kernel's EFI GUID
    Partition Table (GPT) implementation. A local attacker could use this
    flaw to cause a denial of service by mounting a disk that contains
    specially crafted partition tables. (CVE-2011-1577, Low)
    
    * The I/O statistics from the taskstats subsystem could be read
    without any restrictions. A local, unprivileged user could use this
    flaw to gather confidential information, such as the length of a
    password used in a process. (CVE-2011-2494, Low)
    
    * It was found that the perf tool, a part of the Linux kernel's
    Performance Events implementation, could load its configuration file
    from the current working directory. If a local user with access to the
    perf tool were tricked into running perf in a directory that contains
    a specially crafted configuration file, it could cause perf to
    overwrite arbitrary files and directories accessible to that user.
    (CVE-2011-2905, Low)
    
    Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699;
    Darren Lavender for reporting CVE-2011-3191; Dan Kaminsky for
    reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363;
    Gideon Naim for reporting CVE-2011-3593; Peter Huewe for reporting
    CVE-2011-1162; Timo Warns for reporting CVE-2011-1577; and Vasiliy
    Kulikov of Openwall for reporting CVE-2011-2494.
    
    This update also fixes various bugs. Documentation for these changes
    will be available shortly from the Technical Notes document linked to
    in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-November/002479.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2011-1162", "CVE-2011-1577", "CVE-2011-2494", "CVE-2011-2699", "CVE-2011-2905", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3359", "CVE-2011-3363", "CVE-2011-3593", "CVE-2011-4326");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2011-1465");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-2.6.32-131.21.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-131.21.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-131.21.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-131.21.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-131.21.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-131.21.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-131.21.1.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1311-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) A bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57342
    published2011-12-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57342
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-1311-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1311-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57342);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-1162", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330");
      script_bugtraq_id(50370, 50663, 50750, 50751, 50764);
      script_xref(name:"USN", value:"1311-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1311-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Peter Huewe discovered an information leak in the handling of reading
    security-related TPM data. A local, unprivileged user could read the
    results of a previous TPM command. (CVE-2011-1162)
    
    A bug was discovered in the XFS filesystem's handling of pathnames. A
    local attacker could exploit this to crash the system, leading to a
    denial of service, or gain root privileges. (CVE-2011-4077)
    
    Nick Bowler discovered the kernel GHASH message digest algorithm
    incorrectly handled error conditions. A local attacker could exploit
    this to cause a kernel oops. (CVE-2011-4081)
    
    A flaw was found in the Journaling Block Device (JBD). A local
    attacker able to mount ext3 or ext4 file systems could exploit this to
    crash the system, leading to a denial of service. (CVE-2011-4132)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw to
    crash the system. (CVE-2011-4326)
    
    Clement Lecigne discovered a bug in the HFS file system bounds
    checking. When a malformed HFS file system is mounted a local user
    could crash the system or gain root privileges. (CVE-2011-4330).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1311-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2011-1162", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1311-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-37-386", pkgver:"2.6.32-37.81")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-37-generic", pkgver:"2.6.32-37.81")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-37-generic-pae", pkgver:"2.6.32-37.81")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-37-lpia", pkgver:"2.6.32-37.81")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-37-preempt", pkgver:"2.6.32-37.81")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-37-server", pkgver:"2.6.32-37.81")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-37-versatile", pkgver:"2.6.32-37.81")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-37-virtual", pkgver:"2.6.32-37.81")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-386 / linux-image-2.6-generic / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1303-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) A bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57304
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57304
    titleUbuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1303-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1303-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57304);
      script_version("1.5");
      script_cvs_date("Date: 2019/01/02 16:37:56");
    
      script_cve_id("CVE-2011-1162", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330");
      script_bugtraq_id(50764);
      script_xref(name:"USN", value:"1303-1");
    
      script_name(english:"Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1303-1)");
      script_summary(english:"Checks dpkg output for updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Peter Huewe discovered an information leak in the handling of reading
    security-related TPM data. A local, unprivileged user could read the
    results of a previous TPM command. (CVE-2011-1162)
    
    A bug was discovered in the XFS filesystem's handling of pathnames. A
    local attacker could exploit this to crash the system, leading to a
    denial of service, or gain root privileges. (CVE-2011-4077)
    
    Nick Bowler discovered the kernel GHASH message digest algorithm
    incorrectly handled error conditions. A local attacker could exploit
    this to cause a kernel oops. (CVE-2011-4081)
    
    A flaw was found in the Journaling Block Device (JBD). A local
    attacker able to mount ext3 or ext4 file systems could exploit this to
    crash the system, leading to a denial of service. (CVE-2011-4132)
    
    A bug was found in the way headroom check was performed in
    udp6_ufo_fragment() function. A remote attacker could use this flaw to
    crash the system. (CVE-2011-4326)
    
    Clement Lecigne discovered a bug in the HFS file system bounds
    checking. When a malformed HFS file system is mounted a local user
    could crash the system or gain root privileges. (CVE-2011-4330)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-2.6.32-421-dove package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/Ubuntu/release") ) audit(AUDIT_OS_NOT, "Ubuntu");
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.32-421-dove", pkgver:"2.6.32-421.39")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-111202.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 1 kernel has been updated to version 2.6.32.49 and fixes various bugs and security issues. - The TCP/IP initial sequence number generation effectively only used 24 bits of 32 to generate randomness, making a brute-force man-in-the-middle attack on TCP/IP connections feasible. The generator was changed to use full 32bit randomness. (CVE-2011-3188) - Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) - A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. (CVE-2011-2203) - Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks. (CVE-2011-1833) - The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576) - A name overflow in the hfs filesystem was fixed, where mounting a corrupted hfs filesystem could lead to a stack overflow and code execution in the kernel. This requires a local attacker to be able to mount hfs filesystems. (CVE-2011-4330) - A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326) The following non-security bugs have been fixed : - ALSA: hda - Fix S3/S4 problem on machines with VREF-pin mute-LED. (bnc#732535) - patches.xen/xen-pcpu-hotplug: Fix a double kfree(). - ixgbe: fix bug with vlan strip in promsic mode (bnc#687049, fate#311821). - ixgbe: fix panic when shutting down system with WoL enabled. - fnic: Allow users to modify dev_loss_tmo setting. (bnc#719786) - x86, intel: Do not mark sched_clock() as stable. (bnc#725709) - ALSA: hda - Keep vref-LED during power-saving on IDT codecs. (bnc#731981) - cifs: Assume passwords are encoded according to iocharset. (bnc#731035) - scsi_dh: Check queuedata pointer before proceeding. (bnc#714744) - netback: use correct index for invalidation in netbk_tx_check_mop(). - ACPI video: introduce module parameter video.use_bios_initial_backlight. (bnc#731229) - SUNRPC: prevent task_cleanup running on freed xprt. (bnc#709671) - add device entry for Broadcom Valentine combo card. (bnc#722429) - quota: Fix WARN_ON in lookup_one_len. (bnc#728626) - Update Xen patches to 2.6.32.48. - pv-on-hvm/kexec: add xs_reset_watches to shutdown watches from old kernel. (bnc#694863) - x86: undo_limit_pages() must reset page count. - mm/vmstat.c: cache align vm_stat. (bnc#729721) - s390/ccwgroup: fix uevent vs dev attrs race (bnc#659101,LTC#69028). - Warn on pagecache limit usage (FATE309111). - SCSI: st: fix race in st_scsi_execute_end. (bnc#720536) - ACPI: introduce
    last seen2020-06-01
    modified2020-06-02
    plugin id57297
    published2011-12-14
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57297
    titleSuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5493 / 5510 / 5511)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111122_KERNEL_ON_SL6_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id61179
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61179
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1465.NASL
    descriptionUpdated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id56927
    published2011-11-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56927
    titleRHEL 6 : kernel (RHSA-2011:1465)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1256-1.NASL
    descriptionIt was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771) Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Ben Hutchings reported a flaw in the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id56768
    published2011-11-10
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56768
    titleUbuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1286-1.NASL
    descriptionVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491) Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496) It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517) Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57005
    published2011-12-05
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57005
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-2033.NASL
    descriptionDescription of changes: * CVE-2011-1161: Information leak in transmission logic of TPM driver. A missing buffer size check in tpm_transmit could allow leaking of potentially sensitive kernel memory. * CVE-2011-1162: Information leak in TPM driver. A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low) * CVE-2011-2494: Information leak in task/process statistics. The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low) * CVE-2011-3188: Weak TCP sequence number generation. The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate) * CVE-2011-1577: Missing boundary checks in GPT partition handling. A heap overflow flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id68424
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68424
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2033)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1294-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942) Yasuaki Ishimatsu discovered a flaw in the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id57058
    published2011-12-09
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57058
    titleUbuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1193-1.NASL
    descriptionTimo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) Ben Hutchings reported a flaw in the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id55923
    published2011-08-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55923
    titleUbuntu 11.04 : linux vulnerabilities (USN-1193-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-16346.NASL
    descriptionand CVE-2011-4110 Fix CVE-2011-4326 and CVE-2011-4132 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56967
    published2011-11-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56967
    titleFedora 14 : kernel-2.6.35.14-106.fc14 (2011-16346)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1299-1.NASL
    descriptionPeter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) A bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57300
    published2011-12-14
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57300
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1299-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1293-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57057
    published2011-12-09
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57057
    titleUbuntu 10.10 : linux vulnerabilities (USN-1293-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0010.NASL
    descriptionUpdated kernel-rt packages that fix several security issues and two bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important) * The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on were handled could allow a remote attacker to cause a denial of service. (CVE-2011-4326, Important) * GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate) * IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate) * A flaw in the FUSE (Filesystem in Userspace) implementation could allow a local user in the fuse group who has access to mount a FUSE file system to cause a denial of service. (CVE-2011-3353, Moderate) * A flaw in the b43 driver. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate) * A flaw in the way CIFS shares with DFS referrals at their root were handled could allow an attacker on the local network, who is able to deploy a malicious CIFS server, to create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate) * A flaw in the m_stop() implementation could allow a local, unprivileged user to trigger a denial of service. (CVE-2011-3637, Moderate) * Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate) * A flaw in the key management facility could allow a local, unprivileged user to cause a denial of service via the keyctl utility. (CVE-2011-4110, Moderate) * A flaw in the Journaling Block Device (JBD) could allow a local attacker to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low) * I/O statistics from the taskstats subsystem could be read without any restrictions, which could allow a local, unprivileged user to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low) * Flaws in tpacket_rcv() and packet_recvmsg() could allow a local, unprivileged user to leak information to user-space. (CVE-2011-2898, Low) Red Hat would like to thank Darren Lavender for reporting CVE-2011-3191; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494. This update also fixes the following bugs : * Previously, a mismatch in the build-id of the kernel-rt and the one in the related debuginfo package caused failures in SystemTap and perf. (BZ#768413) * IBM x3650m3 systems were not able to boot the MRG Realtime kernel because they require a pmcraid driver that was not available. The pmcraid driver is included in this update. (BZ#753992) Users should upgrade to these updated packages, which correct these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id76635
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76635
    titleRHEL 6 : MRG (RHSA-2012:0010)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1292-1.NASL
    descriptionA bug was discovered in the XFS filesystem
    last seen2020-06-01
    modified2020-06-02
    plugin id57056
    published2011-12-09
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57056
    titleUbuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1292-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2011-26.NASL
    descriptionIPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id69585
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69585
    titleAmazon Linux AMI : kernel (ALAS-2011-26)

Redhat

advisories
bugzilla
id755584
titleCVE-2011-4326 kernel: wrong headroom check in udp6_ufo_fragment()
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • commentkernel earlier than 0:2.6.32-131.21.1.el6 is currently running
        ovaloval:com.redhat.rhsa:tst:20111465023
      • commentkernel earlier than 0:2.6.32-131.21.1.el6 is set to boot up on next boot
        ovaloval:com.redhat.rhsa:tst:20111465024
    • OR
      • AND
        • commentkernel-doc is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465001
        • commentkernel-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842002
      • AND
        • commentkernel-firmware is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465003
        • commentkernel-firmware is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842004
      • AND
        • commentkernel-debug is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465005
        • commentkernel-debug is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842014
      • AND
        • commentkernel-headers is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465007
        • commentkernel-headers is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842010
      • AND
        • commentkernel-devel is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465009
        • commentkernel-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842016
      • AND
        • commentperf is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465011
        • commentperf is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842006
      • AND
        • commentkernel-debug-devel is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465013
        • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842008
      • AND
        • commentkernel is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465015
        • commentkernel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842012
      • AND
        • commentkernel-kdump is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465017
        • commentkernel-kdump is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842020
      • AND
        • commentkernel-kdump-devel is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465019
        • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842022
      • AND
        • commentkernel-bootwrapper is earlier than 0:2.6.32-131.21.1.el6
          ovaloval:com.redhat.rhsa:tst:20111465021
        • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842018
rhsa
idRHSA-2011:1465
released2011-11-22
severityImportant
titleRHSA-2011:1465: kernel security and bug fix update (Important)
rpms
  • kernel-0:2.6.32-131.21.1.el6
  • kernel-bootwrapper-0:2.6.32-131.21.1.el6
  • kernel-debug-0:2.6.32-131.21.1.el6
  • kernel-debug-debuginfo-0:2.6.32-131.21.1.el6
  • kernel-debug-devel-0:2.6.32-131.21.1.el6
  • kernel-debuginfo-0:2.6.32-131.21.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-131.21.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-131.21.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-131.21.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-131.21.1.el6
  • kernel-devel-0:2.6.32-131.21.1.el6
  • kernel-doc-0:2.6.32-131.21.1.el6
  • kernel-firmware-0:2.6.32-131.21.1.el6
  • kernel-headers-0:2.6.32-131.21.1.el6
  • kernel-kdump-0:2.6.32-131.21.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-131.21.1.el6
  • kernel-kdump-devel-0:2.6.32-131.21.1.el6
  • perf-0:2.6.32-131.21.1.el6
  • perf-debuginfo-0:2.6.32-131.21.1.el6
  • kernel-rt-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debug-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debug-debuginfo-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debug-devel-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debuginfo-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-devel-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-doc-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-firmware-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-trace-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-trace-debuginfo-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-trace-devel-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-vanilla-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-vanilla-debuginfo-0:2.6.33.9-rt31.79.el6rt
  • kernel-rt-vanilla-devel-0:2.6.33.9-rt31.79.el6rt