Vulnerabilities > CVE-2012-0879 - Resource Exhaustion vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
canonical
debian
suse
CWE-400
nessus

Summary

The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

Vulnerable Configurations

Part Description Count
OS
Linux
1176
OS
Canonical
1
OS
Debian
1
OS
Suse
6

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0481.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Numerous reference count leaks were found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58803
    published2012-04-20
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58803
    titleCentOS 6 : kernel (CESA-2012:0481)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:0481 and 
    # CentOS Errata and Security Advisory 2012:0481 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58803);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28");
    
      script_cve_id("CVE-2012-0879", "CVE-2012-1090", "CVE-2012-1097");
      script_bugtraq_id(52152, 52197, 52274);
      script_xref(name:"RHSA", value:"2012:0481");
    
      script_name(english:"CentOS 6 : kernel (CESA-2012:0481)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated kernel packages that fix multiple security issues, several
    bugs, and add various enhancements are now available for Red Hat
    Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * Numerous reference count leaks were found in the Linux kernel's
    block layer I/O context handling implementation. This could allow a
    local, unprivileged user to cause a denial of service. (CVE-2012-0879,
    Moderate)
    
    * A flaw was found in the Linux kernel's cifs_lookup() implementation.
    POSIX open during lookup should only be supported for regular files.
    When non-regular files (for example, a named (FIFO) pipe or other
    special files) are opened on lookup, it could cause a denial of
    service. (CVE-2012-1090, Moderate)
    
    * It was found that the Linux kernel's register set (regset) common
    infrastructure implementation did not check if the required get and
    set handlers were initialized. A local, unprivileged user could use
    this flaw to cause a denial of service by performing a register set
    operation with a ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET
    request. (CVE-2012-1097, Moderate)
    
    Red Hat would like to thank H. Peter Anvin for reporting
    CVE-2012-1097.
    
    This update also fixes several bugs and adds various enhancements.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues, and fix the bugs and add
    the enhancements noted in the Technical Notes. The system must be
    rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2012-April/018579.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b95ecb06"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1097");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-220.13.1.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1389-1.NASL
    descriptionPaolo Bonzini discovered a flaw in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id58270
    published2012-03-07
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58270
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-1389-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1389-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58270);
      script_version("1.13");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0879", "CVE-2012-2100");
      script_bugtraq_id(50811, 52152);
      script_xref(name:"USN", value:"1389-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1389-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl
    command. A local user, or user in a VM could exploit this flaw to
    bypass restrictions and gain read/write access to all data on the
    affected block device. (CVE-2011-4127)
    
    A flaw was found in KVM's Programmable Interval Timer (PIT). When a
    virtual interrupt control is not available a local user could use this
    to cause a denial of service by starting a timer. (CVE-2011-4622)
    
    A flaw was discovered in the XFS filesystem. If a local user mounts a
    specially crafted XFS image it could potential execute arbitrary code
    on the system. (CVE-2012-0038)
    
    A flaw was found in the Linux kernel's ext4 file system when mounting
    a corrupt filesystem. A user-assisted remote attacker could exploit
    this flaw to cause a denial of service. (CVE-2012-2100).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1389-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0879", "CVE-2012-2100");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1389-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-386", pkgver:"2.6.32-39.86")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-generic", pkgver:"2.6.32-39.86")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-generic-pae", pkgver:"2.6.32-39.86")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-lpia", pkgver:"2.6.32-39.86")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-preempt", pkgver:"2.6.32-39.86")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-server", pkgver:"2.6.32-39.86")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-versatile", pkgver:"2.6.32-39.86")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-virtual", pkgver:"2.6.32-39.86")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-386 / linux-image-2.6-generic / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2469.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-4086 Eric Sandeen reported an issue in the journaling layer for ext4 filesystems (jbd2). Local users can cause buffers to be accessed after they have been torn down, resulting in a denial of service (DoS) due to a system crash. - CVE-2012-0879 Louis Rilling reported two reference counting issues in the CLONE_IO feature of the kernel. Local users can prevent io context structures from being freed, resulting in a denial of service. - CVE-2012-1601 Michael Ellerman reported an issue in the KVM subsystem. Local users could cause a denial of service (NULL pointer dereference) by creating VCPUs before a call to KVM_CREATE_IRQCHIP. - CVE-2012-2123 Steve Grubb reported an issue in fcaps, a filesystem-based capabilities system. Personality flags set using this mechanism, such as the disabling of address space randomization, may persist across suid calls. - CVE-2012-2133 Shachar Raindel discovered a use-after-free bug in the hugepages quota implementation. Local users with permission to use hugepages via the hugetlbfs implementation may be able to cause a denial of service (system crash).
    last seen2020-03-17
    modified2012-05-11
    plugin id59070
    published2012-05-11
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59070
    titleDebian DSA-2469-1 : linux-2.6 - privilege escalation/denial of service
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2469. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59070);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2011-4086", "CVE-2012-0879", "CVE-2012-1601", "CVE-2012-2123", "CVE-2012-2133");
      script_bugtraq_id(51945, 52152, 53166, 53233);
      script_xref(name:"DSA", value:"2469");
    
      script_name(english:"Debian DSA-2469-1 : linux-2.6 - privilege escalation/denial of service");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service or privilege escalation. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2011-4086
        Eric Sandeen reported an issue in the journaling layer
        for ext4 filesystems (jbd2). Local users can cause
        buffers to be accessed after they have been torn down,
        resulting in a denial of service (DoS) due to a system
        crash.
    
      - CVE-2012-0879
        Louis Rilling reported two reference counting issues in
        the CLONE_IO feature of the kernel. Local users can
        prevent io context structures from being freed,
        resulting in a denial of service.
    
      - CVE-2012-1601
        Michael Ellerman reported an issue in the KVM subsystem.
        Local users could cause a denial of service (NULL
        pointer dereference) by creating VCPUs before a call to
        KVM_CREATE_IRQCHIP.
    
      - CVE-2012-2123
        Steve Grubb reported an issue in fcaps, a
        filesystem-based capabilities system. Personality flags
        set using this mechanism, such as the disabling of
        address space randomization, may persist across suid
        calls.
    
      - CVE-2012-2133
        Shachar Raindel discovered a use-after-free bug in the
        hugepages quota implementation. Local users with
        permission to use hugepages via the hugetlbfs
        implementation may be able to cause a denial of service
        (system crash)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-4086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-0879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-1601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2123"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/linux-2.6"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2469"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the linux-2.6 and user-mode-linux packages.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 2.6.32-44. Updates are currently only available for the amd64,
    i386 and sparc ports.
    
    Note: updated linux-2.6 packages will also be made available in the
    release of Debian 6.0.5, scheduled to take place the weekend of
    2012.05.12. This pending update will be version 2.6.32-45, and
    provides an additional fix for build failures on some architectures.
    Users for whom this update is not critical, and who may wish to avoid
    multiple reboots, should consider waiting for the 6.0.5 release before
    updating, or installing the 2.6.32-45 version ahead of time from
    proposed-updates.
    
    The following matrix lists additional source packages that were
    rebuilt for compatibility with or to take advantage of this update :
    
                           Debian 6.0 (squeeze)  
      user-mode-linux       2.6.32-1um-4+44"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"firmware-linux-free", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-base", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-doc-2.6.32", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-486", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-4kc-malta", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-5kc-malta", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686-bigmem", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-armel", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-i386", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-ia64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mips", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mipsel", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-powerpc", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-s390", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-sparc", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-openvz", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-vserver", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-xen", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-iop32x", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-itanium", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-ixp4xx", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-kirkwood", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-mckinley", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-orion5x", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc-smp", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r4k-ip22", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-cobalt", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-ip32", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-s390x", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64-smp", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-versatile", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-itanium", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-mckinley", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-s390x", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-sparc64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-486", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-4kc-malta", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-5kc-malta", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem-dbg", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64-dbg", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-iop32x", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-itanium", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-ixp4xx", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-kirkwood", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-mckinley", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686-dbg", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64-dbg", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-orion5x", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc-smp", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r4k-ip22", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-cobalt", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-ip32", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x-tape", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64-smp", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-versatile", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64-dbg", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-itanium", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-mckinley", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-s390x", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-sparc64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686-dbg", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64-dbg", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-libc-dev", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-manual-2.6.32", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-patch-debian-2.6.32", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-source-2.6.32", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-support-2.6.32-5", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-tools-2.6.32", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-686", reference:"2.6.32-44")) flag++;
    if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-amd64", reference:"2.6.32-44")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120417_KERNEL_ON_SL6_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Numerous reference count leaks were found in the Linux kernel
    last seen2020-03-18
    modified2012-08-01
    plugin id61302
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61302
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120417)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61302);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28");
    
      script_cve_id("CVE-2012-0879", "CVE-2012-1090", "CVE-2012-1097");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120417)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
      - Numerous reference count leaks were found in the Linux
        kernel's block layer I/O context handling
        implementation. This could allow a local, unprivileged
        user to cause a denial of service. (CVE-2012-0879,
        Moderate)
    
      - A flaw was found in the Linux kernel's cifs_lookup()
        implementation. POSIX open during lookup should only be
        supported for regular files. When non-regular files (for
        example, a named (FIFO) pipe or other special files) are
        opened on lookup, it could cause a denial of service.
        (CVE-2012-1090, Moderate)
    
      - It was found that the Linux kernel's register set
        (regset) common infrastructure implementation did not
        check if the required get and set handlers were
        initialized. A local, unprivileged user could use this
        flaw to cause a denial of service by performing a
        register set operation with a ptrace() PTRACE_SETREGSET
        or PTRACE_GETREGSET request. (CVE-2012-1097, Moderate)
    
    This update also fixes several bugs and adds various enhancements. The
    system must be rebooted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=1355
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?33d9f371"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"kernel-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"i386", reference:"kernel-debuginfo-common-i686-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-220.13.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-220.13.1.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1408-1.NASL
    descriptionLouis Rilling discovered a flaw in Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58496
    published2012-03-27
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58496
    titleUSN-1408-1 : linux-fsl-imx51 vulnerability
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1410-1.NASL
    descriptionLouis Rilling discovered a flaw in Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58498
    published2012-03-27
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58498
    titleUbuntu 10.04 LTS : linux-ec2 vulnerability (USN-1410-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0481.NASL
    descriptionFrom Red Hat Security Advisory 2012:0481 : Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Numerous reference count leaks were found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id68515
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68515
    titleOracle Linux 6 : kernel (ELSA-2012-0481)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0531.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues) CVE-2012-0884 and CVE-2012-1165 (openssl issues) CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues) This update also fixes the following bug : * The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver. (BZ#809463) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78922
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78922
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0481.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Numerous reference count leaks were found in the Linux kernel
    last seen2020-04-16
    modified2012-04-18
    plugin id58773
    published2012-04-18
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58773
    titleRHEL 6 : kernel (RHSA-2012:0481)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1411-1.NASL
    descriptionLouis Rilling discovered a flaw in Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58499
    published2012-03-27
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58499
    titleUbuntu 10.04 LTS : linux vulnerability (USN-1411-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-2007.NASL
    descriptionDescription of changes: * CVE-2012-0879: Denial of service in CLONE_IO. CLONE_IO reference counting error could be exploited by an unprivileged local user to cause denial of service. * CVE-2012-1097: NULL pointer dereference in the ptrace subsystem. Under certain circumstances, ptrace-ing a process could lead to a NULL pointer dereference and kernel panic. * CVE-2012-1090: Denial of service in the CIFS filesystem reference counting. Under certain circumstances, the CIFS filesystem would open a file on lookup. If the file was determined later to be a FIFO or any other special file the file handle would be leaked, leading to reference counting mismatch and a kernel OOPS on unmount. An unprivileged local user could use this flaw to crash the system. kernel-uek: [2.6.32-300.21.1.el6uek] - regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter Anvin) CVE-2012-1097 - regset: Prevent NULL pointer reference on readonly regsets (H. Peter Anvin) CVE-2012-1097 - cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton) CVE-2012-1090 - block: Fix io_context leak after failure of clone with CLONE_IO (Louis Rilling) CVE-2012-0879
    last seen2020-06-01
    modified2020-06-02
    plugin id68670
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68670
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2007)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1415-1.NASL
    descriptionLouis Rilling discovered a flaw in Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id58590
    published2012-04-04
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58590
    titleUbuntu 10.10 : linux-mvl-dove vulnerability (USN-1415-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-120428.NASL
    descriptionThe SUSE Linux Enterprise 11 SP1 kernel has been updated to the 2.6.32.59 stable release to fix a lot of bugs and security issues. The following security issues have been fixed : - A use after free bug in hugetlb support could be used by local attackers to crash the system. (CVE-2012-2133) - A NULL pointer dereference bug in the regsets proc file could be used by local attackers to perhaps crash the system. With mmap_min_addr is set and enabled, exploitation is unlikely. (CVE-2012-1097) - A reference counting issue in CLONE_IO could be used by local attackers to cause a denial of service (out of memory). (CVE-2012-0879) - A file handle leak in CIFS code could be used by local attackers to crash the system. (CVE-2012-1090) - Large nested epoll chains could be used by local attackers to cause a denial of service (excessive CPU consumption). (CVE-2011-1083) - When using KVM, programming a PIT timer without a irqchip configuration, can be used to crash the kvm guest. This likely can be done only by a privileged guest user. (CVE-2011-4622) - A KVM 32bit guest crash in
    last seen2020-06-05
    modified2013-01-25
    plugin id64173
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64173
    titleSuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 6227 / 6229 / 6230)

Redhat

advisories
  • rhsa
    idRHSA-2012:0481
  • rhsa
    idRHSA-2012:0531
rpms
  • kernel-0:2.6.32-220.13.1.el6
  • kernel-bootwrapper-0:2.6.32-220.13.1.el6
  • kernel-debug-0:2.6.32-220.13.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.13.1.el6
  • kernel-debug-devel-0:2.6.32-220.13.1.el6
  • kernel-debuginfo-0:2.6.32-220.13.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-220.13.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-220.13.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-220.13.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.13.1.el6
  • kernel-devel-0:2.6.32-220.13.1.el6
  • kernel-doc-0:2.6.32-220.13.1.el6
  • kernel-firmware-0:2.6.32-220.13.1.el6
  • kernel-headers-0:2.6.32-220.13.1.el6
  • kernel-kdump-0:2.6.32-220.13.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-220.13.1.el6
  • kernel-kdump-devel-0:2.6.32-220.13.1.el6
  • perf-0:2.6.32-220.13.1.el6
  • perf-debuginfo-0:2.6.32-220.13.1.el6
  • python-perf-0:2.6.32-220.13.1.el6

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 52152 CVE ID: CVE-2012-0879 Linux Kernel是Linux操作系统的内核。 Linux Kernel的实现上存在可影响clone()系统调用的多个拒绝服务安全漏洞,可使本地用户造成拒绝服务 0 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/
idSSV:30144
last seen2017-11-19
modified2012-02-26
published2012-02-26
reporterRoot
titleLinux Kernel Clone()函数 CLONE_IO多个拒绝服务漏洞

References