Vulnerabilities > CVE-2012-0879 - Resource Exhaustion vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- XML Ping of the Death An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
- XML Entity Expansion An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
- Inducing Account Lockout An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
- Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0481.NASL description Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Numerous reference count leaks were found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 58803 published 2012-04-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58803 title CentOS 6 : kernel (CESA-2012:0481) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0481 and # CentOS Errata and Security Advisory 2012:0481 respectively. # include("compat.inc"); if (description) { script_id(58803); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28"); script_cve_id("CVE-2012-0879", "CVE-2012-1090", "CVE-2012-1097"); script_bugtraq_id(52152, 52197, 52274); script_xref(name:"RHSA", value:"2012:0481"); script_name(english:"CentOS 6 : kernel (CESA-2012:0481)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Numerous reference count leaks were found in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2012-0879, Moderate) * A flaw was found in the Linux kernel's cifs_lookup() implementation. POSIX open during lookup should only be supported for regular files. When non-regular files (for example, a named (FIFO) pipe or other special files) are opened on lookup, it could cause a denial of service. (CVE-2012-1090, Moderate) * It was found that the Linux kernel's register set (regset) common infrastructure implementation did not check if the required get and set handlers were initialized. A local, unprivileged user could use this flaw to cause a denial of service by performing a register set operation with a ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request. (CVE-2012-1097, Moderate) Red Hat would like to thank H. Peter Anvin for reporting CVE-2012-1097. This update also fixes several bugs and adds various enhancements. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancements noted in the Technical Notes. The system must be rebooted for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2012-April/018579.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b95ecb06" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1097"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-220.13.1.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1389-1.NASL description Paolo Bonzini discovered a flaw in Linux last seen 2020-06-01 modified 2020-06-02 plugin id 58270 published 2012-03-07 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58270 title Ubuntu 10.04 LTS : linux vulnerabilities (USN-1389-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1389-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(58270); script_version("1.13"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0879", "CVE-2012-2100"); script_bugtraq_id(50811, 52152); script_xref(name:"USN", value:"1389-1"); script_name(english:"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1389-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. (CVE-2011-4127) A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622) A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038) A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. (CVE-2012-2100). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1389-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0879", "CVE-2012-2100"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1389-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-386", pkgver:"2.6.32-39.86")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-generic", pkgver:"2.6.32-39.86")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-generic-pae", pkgver:"2.6.32-39.86")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-lpia", pkgver:"2.6.32-39.86")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-preempt", pkgver:"2.6.32-39.86")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-server", pkgver:"2.6.32-39.86")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-versatile", pkgver:"2.6.32-39.86")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-39-virtual", pkgver:"2.6.32-39.86")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-386 / linux-image-2.6-generic / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2469.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-4086 Eric Sandeen reported an issue in the journaling layer for ext4 filesystems (jbd2). Local users can cause buffers to be accessed after they have been torn down, resulting in a denial of service (DoS) due to a system crash. - CVE-2012-0879 Louis Rilling reported two reference counting issues in the CLONE_IO feature of the kernel. Local users can prevent io context structures from being freed, resulting in a denial of service. - CVE-2012-1601 Michael Ellerman reported an issue in the KVM subsystem. Local users could cause a denial of service (NULL pointer dereference) by creating VCPUs before a call to KVM_CREATE_IRQCHIP. - CVE-2012-2123 Steve Grubb reported an issue in fcaps, a filesystem-based capabilities system. Personality flags set using this mechanism, such as the disabling of address space randomization, may persist across suid calls. - CVE-2012-2133 Shachar Raindel discovered a use-after-free bug in the hugepages quota implementation. Local users with permission to use hugepages via the hugetlbfs implementation may be able to cause a denial of service (system crash). last seen 2020-03-17 modified 2012-05-11 plugin id 59070 published 2012-05-11 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59070 title Debian DSA-2469-1 : linux-2.6 - privilege escalation/denial of service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2469. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(59070); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-4086", "CVE-2012-0879", "CVE-2012-1601", "CVE-2012-2123", "CVE-2012-2133"); script_bugtraq_id(51945, 52152, 53166, 53233); script_xref(name:"DSA", value:"2469"); script_name(english:"Debian DSA-2469-1 : linux-2.6 - privilege escalation/denial of service"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-4086 Eric Sandeen reported an issue in the journaling layer for ext4 filesystems (jbd2). Local users can cause buffers to be accessed after they have been torn down, resulting in a denial of service (DoS) due to a system crash. - CVE-2012-0879 Louis Rilling reported two reference counting issues in the CLONE_IO feature of the kernel. Local users can prevent io context structures from being freed, resulting in a denial of service. - CVE-2012-1601 Michael Ellerman reported an issue in the KVM subsystem. Local users could cause a denial of service (NULL pointer dereference) by creating VCPUs before a call to KVM_CREATE_IRQCHIP. - CVE-2012-2123 Steve Grubb reported an issue in fcaps, a filesystem-based capabilities system. Personality flags set using this mechanism, such as the disabling of address space randomization, may persist across suid calls. - CVE-2012-2133 Shachar Raindel discovered a use-after-free bug in the hugepages quota implementation. Local users with permission to use hugepages via the hugetlbfs implementation may be able to cause a denial of service (system crash)." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4086" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0879" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-1601" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-2123" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-2133" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/linux-2.6" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2469" ); script_set_attribute( attribute:"solution", value: "Upgrade the linux-2.6 and user-mode-linux packages. For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-44. Updates are currently only available for the amd64, i386 and sparc ports. Note: updated linux-2.6 packages will also be made available in the release of Debian 6.0.5, scheduled to take place the weekend of 2012.05.12. This pending update will be version 2.6.32-45, and provides an additional fix for build failures on some architectures. Users for whom this update is not critical, and who may wish to avoid multiple reboots, should consider waiting for the 6.0.5 release before updating, or installing the 2.6.32-45 version ahead of time from proposed-updates. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update : Debian 6.0 (squeeze) user-mode-linux 2.6.32-1um-4+44" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"firmware-linux-free", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-base", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-doc-2.6.32", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-486", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-4kc-malta", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-5kc-malta", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686-bigmem", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-armel", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-i386", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-ia64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mips", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mipsel", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-powerpc", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-s390", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-sparc", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-openvz", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-vserver", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-xen", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-iop32x", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-itanium", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-ixp4xx", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-kirkwood", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-mckinley", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-orion5x", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc-smp", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r4k-ip22", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-cobalt", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-ip32", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-s390x", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64-smp", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-versatile", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-itanium", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-mckinley", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-s390x", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-sparc64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-486", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-4kc-malta", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-5kc-malta", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem-dbg", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64-dbg", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-iop32x", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-itanium", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-ixp4xx", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-kirkwood", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-mckinley", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686-dbg", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64-dbg", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-orion5x", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc-smp", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r4k-ip22", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-cobalt", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-ip32", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x-tape", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64-smp", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-versatile", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64-dbg", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-itanium", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-mckinley", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-s390x", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-sparc64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686-dbg", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64-dbg", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-libc-dev", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-manual-2.6.32", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-patch-debian-2.6.32", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-source-2.6.32", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-support-2.6.32-5", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"linux-tools-2.6.32", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-686", reference:"2.6.32-44")) flag++; if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-amd64", reference:"2.6.32-44")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Scientific Linux Local Security Checks NASL id SL_20120417_KERNEL_ON_SL6_X.NASL description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Numerous reference count leaks were found in the Linux kernel last seen 2020-03-18 modified 2012-08-01 plugin id 61302 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61302 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120417) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(61302); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28"); script_cve_id("CVE-2012-0879", "CVE-2012-1090", "CVE-2012-1097"); script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120417)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - Numerous reference count leaks were found in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2012-0879, Moderate) - A flaw was found in the Linux kernel's cifs_lookup() implementation. POSIX open during lookup should only be supported for regular files. When non-regular files (for example, a named (FIFO) pipe or other special files) are opened on lookup, it could cause a denial of service. (CVE-2012-1090, Moderate) - It was found that the Linux kernel's register set (regset) common infrastructure implementation did not check if the required get and set handlers were initialized. A local, unprivileged user could use this flaw to cause a denial of service by performing a register set operation with a ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request. (CVE-2012-1097, Moderate) This update also fixes several bugs and adds various enhancements. The system must be rebooted for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=1355 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?33d9f371" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"kernel-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", cpu:"i386", reference:"kernel-debuginfo-common-i686-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"perf-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-220.13.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-220.13.1.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1408-1.NASL description Louis Rilling discovered a flaw in Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 58496 published 2012-03-27 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58496 title USN-1408-1 : linux-fsl-imx51 vulnerability NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1410-1.NASL description Louis Rilling discovered a flaw in Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 58498 published 2012-03-27 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58498 title Ubuntu 10.04 LTS : linux-ec2 vulnerability (USN-1410-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0481.NASL description From Red Hat Security Advisory 2012:0481 : Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Numerous reference count leaks were found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 68515 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68515 title Oracle Linux 6 : kernel (ELSA-2012-0481) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0531.NASL description An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues) CVE-2012-0884 and CVE-2012-1165 (openssl issues) CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues) This update also fixes the following bug : * The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver. (BZ#809463) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78922 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78922 title RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0481.NASL description Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Numerous reference count leaks were found in the Linux kernel last seen 2020-04-16 modified 2012-04-18 plugin id 58773 published 2012-04-18 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58773 title RHEL 6 : kernel (RHSA-2012:0481) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1411-1.NASL description Louis Rilling discovered a flaw in Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 58499 published 2012-03-27 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58499 title Ubuntu 10.04 LTS : linux vulnerability (USN-1411-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2007.NASL description Description of changes: * CVE-2012-0879: Denial of service in CLONE_IO. CLONE_IO reference counting error could be exploited by an unprivileged local user to cause denial of service. * CVE-2012-1097: NULL pointer dereference in the ptrace subsystem. Under certain circumstances, ptrace-ing a process could lead to a NULL pointer dereference and kernel panic. * CVE-2012-1090: Denial of service in the CIFS filesystem reference counting. Under certain circumstances, the CIFS filesystem would open a file on lookup. If the file was determined later to be a FIFO or any other special file the file handle would be leaked, leading to reference counting mismatch and a kernel OOPS on unmount. An unprivileged local user could use this flaw to crash the system. kernel-uek: [2.6.32-300.21.1.el6uek] - regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter Anvin) CVE-2012-1097 - regset: Prevent NULL pointer reference on readonly regsets (H. Peter Anvin) CVE-2012-1097 - cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton) CVE-2012-1090 - block: Fix io_context leak after failure of clone with CLONE_IO (Louis Rilling) CVE-2012-0879 last seen 2020-06-01 modified 2020-06-02 plugin id 68670 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68670 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2007) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1415-1.NASL description Louis Rilling discovered a flaw in Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 58590 published 2012-04-04 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58590 title Ubuntu 10.10 : linux-mvl-dove vulnerability (USN-1415-1) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-120428.NASL description The SUSE Linux Enterprise 11 SP1 kernel has been updated to the 2.6.32.59 stable release to fix a lot of bugs and security issues. The following security issues have been fixed : - A use after free bug in hugetlb support could be used by local attackers to crash the system. (CVE-2012-2133) - A NULL pointer dereference bug in the regsets proc file could be used by local attackers to perhaps crash the system. With mmap_min_addr is set and enabled, exploitation is unlikely. (CVE-2012-1097) - A reference counting issue in CLONE_IO could be used by local attackers to cause a denial of service (out of memory). (CVE-2012-0879) - A file handle leak in CIFS code could be used by local attackers to crash the system. (CVE-2012-1090) - Large nested epoll chains could be used by local attackers to cause a denial of service (excessive CPU consumption). (CVE-2011-1083) - When using KVM, programming a PIT timer without a irqchip configuration, can be used to crash the kvm guest. This likely can be done only by a privileged guest user. (CVE-2011-4622) - A KVM 32bit guest crash in last seen 2020-06-05 modified 2013-01-25 plugin id 64173 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64173 title SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 6227 / 6229 / 6230)
Redhat
advisories |
| ||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 52152 CVE ID: CVE-2012-0879 Linux Kernel是Linux操作系统的内核。 Linux Kernel的实现上存在可影响clone()系统调用的多个拒绝服务安全漏洞,可使本地用户造成拒绝服务 0 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/ |
id | SSV:30144 |
last seen | 2017-11-19 |
modified | 2012-02-26 |
published | 2012-02-26 |
reporter | Root |
title | Linux Kernel Clone()函数 CLONE_IO多个拒绝服务漏洞 |
References
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=61cc74fbb87af6aa551a06a370590c9bc07e29d9
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69f2292063d2caf37ca9aec7d63ded203701bf3
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
- http://marc.info/?l=bugtraq&m=139447903326211&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0481.html
- http://rhn.redhat.com/errata/RHSA-2012-0531.html
- http://secunia.com/advisories/48545
- http://secunia.com/advisories/48842
- http://www.debian.org/security/2012/dsa-2469
- http://www.openwall.com/lists/oss-security/2012/02/23/5
- http://www.securitytracker.com/id?1027086
- http://www.ubuntu.com/usn/USN-1408-1
- http://www.ubuntu.com/usn/USN-1410-1
- http://www.ubuntu.com/usn/USN-1411-1
- https://bugzilla.redhat.com/show_bug.cgi?id=796829
- https://github.com/torvalds/linux/commit/61cc74fbb87af6aa551a06a370590c9bc07e29d9
- https://github.com/torvalds/linux/commit/b69f2292063d2caf37ca9aec7d63ded203701bf3
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33
- https://github.com/torvalds/linux/commit/b69f2292063d2caf37ca9aec7d63ded203701bf3
- https://github.com/torvalds/linux/commit/61cc74fbb87af6aa551a06a370590c9bc07e29d9
- https://bugzilla.redhat.com/show_bug.cgi?id=796829
- http://www.ubuntu.com/usn/USN-1411-1
- http://www.ubuntu.com/usn/USN-1410-1
- http://www.ubuntu.com/usn/USN-1408-1
- http://www.securitytracker.com/id?1027086
- http://www.openwall.com/lists/oss-security/2012/02/23/5
- http://www.debian.org/security/2012/dsa-2469
- http://secunia.com/advisories/48842
- http://secunia.com/advisories/48545
- http://rhn.redhat.com/errata/RHSA-2012-0531.html
- http://rhn.redhat.com/errata/RHSA-2012-0481.html
- http://marc.info/?l=bugtraq&m=139447903326211&w=2
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69f2292063d2caf37ca9aec7d63ded203701bf3
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=61cc74fbb87af6aa551a06a370590c9bc07e29d9