CVE-2012-2313 - Permissions, Privileges, and Access Controls vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Accessing, Modifying or Executing Executable Files: An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access, or, in a possible worst case, to upload a file and then execute it. Web servers, FTP servers, and message-oriented middleware systems, which have many integration points, are particularly vulnerable because both the programmers and the administrators must be in sync regarding the interfaces and the correct privileges for each interface.
- Leverage Executable Code in Non-Executable Files: An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file), the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF, in the form http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here (see http://www.gnucitizen.org/blog/danger-danger-danger/). The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
- Blue Boxing: This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal, which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
- Restful Privilege Elevation: REST uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP Get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementations are following these guidelines, an HTTP request can easily execute a delete or update on the server side. The attacker identifies an HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent, so the request can be submitted multiple times by the attacker. Additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
- Target Programs with Elevated Privileges: This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance, an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user tries to execute their code at the same level as a privileged system call.
Nessus
NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2012-1174.NASL
description: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue :
* A flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61626
published: 2012-08-23
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/61626
title: CentOS 5 : kernel (CESA-2012:1174)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-0812-1.NASL
description: The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs have been fixed :
CVE-2015-2041: An information leak in the llc2_timeout_table was fixed (bnc#919007).
CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (bnc#910251).
CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the 1-clock-tests test suite (bnc#907818).
CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422).
CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).
CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391).
CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390).
CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel allowed local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (bnc#863335).
CVE-2014-0181: The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051).
CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404).
CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260).
CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779).
CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem (bnc#769784).
CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel allowed local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020 (bnc#760902).
CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict access to the SIOCSMIIREG command, which allowed local users to write data to an Ethernet adapter via an ioctl call (bnc#758813).
CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83723
published: 2015-05-20
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83723
title: SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2012-1541.NASL
description: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes :
* A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate)
* A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction (such as losing network connectivity). (CVE-2012-2313, Low)
Red Hat would like to thank Andy Adamson for reporting CVE-2011-4131, and Stephan Mueller for reporting CVE-2012-2313. Bug fixes :
* A kernel oops occurred in the nf_nat code when a bogus pointer was dereferenced in the nf_conn_nat structure. Consequently, if Source Network Address Translation (SNAT) was performed, incorrect information could be received by other CTS (Clear to Send) signals. A conntrack entry is now placed in the source hash after SNAT has been completed, which prevents the described problems.
(BZ#865715)
* Previously, the ixgbe_setup_tc() function was called recursively when the set_state() CEE (Convergence Enhanced Ethernet) API routine was called in IEEE DCBX (Data Center Bridging eXchange) mode. This is considered unsafe according to the IEEE standards. With this update, the ixgbe driver has been modified to no longer call the set_state() routine in IEEE DCBX mode. The driver now calls routines of the PFC (Priority-based Flow Control) and ETS (Enhanced Transmission Selection) extensions instead of the CEE extension routines in IEEE DCBX mode. (BZ#867859)
* A Symmetric Multi Processing (SMP) race condition between the munmap() and exit() function could lead to false-positive triggering of the BUG_ON() macro if Transparent Huge Pages (THP) were enabled. This update fixes the race condition, which avoids false-positive triggering of the BUG_ON() macro in this scenario. (BZ#875121)
* The kernel allows high priority real time tasks, such as tasks scheduled with the SCHED_FIFO policy, to be throttled. Previously, the CPU stop tasks were scheduled as high priority real time tasks and could be thus throttled accordingly. However, the replenishment timer, which is responsible for clearing a throttle flag on tasks, could be pending on the just disabled CPU. This could lead to the situation that the throttled tasks were never scheduled to run. Consequently, if any of such tasks was needed to complete the CPU disabling, the system became unresponsive. This update introduces a new scheduler class, which gives a task the highest possible system priority and such a task cannot be throttled. The stop-task scheduling class is now used for the CPU stop tasks, and the system shutdown completes as expected in the scenario described. (BZ#876078)
* Previously, XFS log buffers were handled incorrectly so that XFS could, in certain circumstances, incorrectly read metadata from the journal during XFS log recovery.
As a consequence, XFS log recovery terminated with an error message and prevented the file system from being mounted. This problem could result in a loss of data if the user forcibly emptied the log to allow the file system to be mounted. This update ensures that metadata is read correctly from the log and journal recovery thus completes successfully, and the file system mounts as expected. (BZ#876498)
* Previously, kernel was allowed to reduce the number of unnecessary commit calls by skipping the commit when there was a large number of outstanding pages being written. However, a test on the number of commits (ncommit) did not properly handle the edge case when ncommit was zero. Consequently, inodes sometimes remained on the sb->s_dirty list and could not be freed by the inode cache shrinker. As a result, the nfs_inode_cache structure grew very large over time. With this update, the call to the nfs_write_inode() function is immediately returned when commit == 0, thus fixing this bug. (BZ#877394)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 64068
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/64068
title: RHEL 6 : kernel (RHSA-2012:1541)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2012-1304.NASL
description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues :
* An integer overflow flaw was found in the i915_gem_do_execbuffer() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. (CVE-2012-2384, Moderate)
* A memory leak flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 62316
published: 2012-09-27
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/62316
title: CentOS 6 : kernel (CESA-2012:1304)

NASL family: SuSE Local Security Checks
NASL id: SUSE_KERNEL-8161.NASL
description: This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed :
- A memory corruption when mounting a hfsplus filesystem was fixed that could be used by local attackers able to mount filesystem to crash the system. (CVE-2012-2319)
- The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card. (CVE-2012-2313)
- The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and Oops) by accessing a long symlink on a malformed Be filesystem. (CVE-2011-2928)
- Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077)
- A BUG() error report in the nfs4xdr routines on a NFSv4 mount was fixed that could happen during mknod. (CVE-2011-4324)
- Mounting a corrupted hfs filesystem could lead to a buffer overflow.
(CVE-2011-4330)
The following non-security issues have been fixed :
- kernel: pfault task state race (bnc#764128,LTC#81724).
- ap: Toleration for ap bus devices with device type 10. (bnc#761389)
- hugetlb, numa: fix interleave mpol reference count. (bnc#762111)
- cciss: fixup kdump. (bnc#730200)
- kdump: Avoid allocating bootmem map over crash reserved region. (bnc#749168, bnc#722400, bnc#742881)
- qeth: Improve OSA Express 4 blkt defaults (bnc#754964,LTC#80325).
- zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (bnc#754964,LTC#80378).
- virtio: add names to virtqueue struct, mapping from devices to queues. (bnc#742148)
- virtio: find_vqs/del_vqs virtio operations. (bnc#742148)
- virtio_pci: optional MSI-X support. (bnc#742148)
- virtio_pci: split up vp_interrupt. (bnc#742148)
- knfsd: nfsd4: fix laundromat shutdown race (752556).
- driver core: Check for valid device in bus_find_device(). (bnc#729685)
- VMware detection backport from mainline. (bnc#671124, bnc#747381)
- net: adding memory barrier to the poll and receive callbacks. (bnc#746397 / bnc#750928)
- qla2xxx: drop reference before wait for completion. (bnc#744592)
- qla2xxx: drop reference before wait for completion. (bnc#744592)
- ixgbe driver sets all WOL flags upon initialization so that machine is powered on as soon at it is switched off. (bnc#693639)
- Properly release MSI(X) vector(s) when MSI(X) gets disabled. (bnc#723294, bnc#721869)
- scsi: Always retry internal target error. (bnc#745640)
- cxgb4: fix parent device access in netdev_printk. (bnc#733155)
- lcs: lcs offline failure (bnc#752486,LTC#79788).
- qeth: add missing wake_up call (bnc#752486,LTC#79899).
- NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and MKDIR. (bnc#751880)
- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
- xenbus_dev: add missing error checks to watch handling.
- blkfront: properly fail packet requests.
(bnc#745929)
- blkback: failure to write
last seen: 2020-06-05
modified: 2012-06-15
plugin id: 59521
published: 2012-06-15
reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59521
title: SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8161)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1472-1.NASL
description: Andy Adamson discovered a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59476
published: 2012-06-13
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59476
title: Ubuntu 11.10 : linux vulnerabilities (USN-1472-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1530-1.NASL
description: Andy Adamson discovered a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61508
published: 2012-08-13
reporter: Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/61508
title: USN-1530-1 : linux-ti-omap4 vulnerabilities

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2012-2038.NASL
description: Description of changes: kernel-uek
[2.6.32-300.37.1.el6uek]
- sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994]
- CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412}
[2.6.32-300.36.1.el6uek]
- dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313}
- hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390}
- rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430}
[2.6.32-300.35.1.el6uek]
- oracleasm: Bring driver in sync with UEK2 (Martin K.
Petersen)
- Fix system hang due to bad protection module parameters (CR 130769) (Martin K. Petersen)
- sd: Avoid remapping bad reference tags (Martin K. Petersen)
- block: Fix bad range check in bio_sector_offset (Martin K. Petersen)
[2.6.32-300.34.1.el6uek]
- htrimer: fix kabi breakage (Joe Jin)
- 2.6.32.x: timekeeping: Add missing update call in timekeeping_resume() (Thomas Gleixner)
- 2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt (John Stultz)
- 2.6.32.x: timekeeping: Provide hrtimer update function (Thomas Gleixner)
- 2.6.32.x: hrtimers: Move lock held region in hrtimer_interrupt() (Thomas Gleixner)
- 2.6.32.x: timekeeping: Maintain ktime_t based offsets for hrtimers (Thomas Gleixner)
- 2.6.32.x: timekeeping: Fix leapsecond triggered load spike issue (John Stultz)
- 2.6.32.x: hrtimer: Provide clock_was_set_delayed() (John Stultz)
- 2.6.32.x: time: Move common updates to a function (Thomas Gleixner)
- 2.6.32.x: timekeeping: Fix CLOCK_MONOTONIC inconsistency during leapsecond (John Stultz)
- 2.6.32.x: ntp: Correct TAI offset during leap second (Richard Cochran)
- 2.6.32.x: ntp: Fix leap-second hrtimer livelock (John Stultz)
- Revert
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68683
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68683
title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2038)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20120821_KERNEL_ON_SL5_X.NASL
description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue :
- A flaw was found in the way the Linux kernel
last seen: 2020-03-18
modified: 2012-08-24
plugin id: 61655
published: 2012-08-24
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/61655
title: Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120821)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2012-1589.NASL
description: Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue :
* A flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 64070
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/64070
title: RHEL 6 : kernel (RHSA-2012:1589)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2012-1325.NASL
description: An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) This flaw did not affect the default use of Red Hat Enterprise Virtualization Hypervisor: it is not possible to add a device that uses a virtual console back-end via Red Hat Enterprise Virtualization Manager. To specify a virtual console back-end for a device and therefore be vulnerable to this issue, the device would have to be created another way, for example, by using a VDSM hook. Note that at this time hooks can only be used on Red Hat Enterprise Linux hosts, not Red Hat Enterprise Virtualization Hypervisor. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78935
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78935
title: RHEL 6 : rhev-hypervisor6 (RHSA-2012:1325)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2012-1304.NASL
description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues :
* An integer overflow flaw was found in the i915_gem_do_execbuffer() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. (CVE-2012-2384, Moderate)
* A memory leak flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 62303
published: 2012-09-26
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/62303
title: RHEL 6 : kernel (RHSA-2012:1304)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1488-1.NASL
description: Stephan Mueller reported a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59811
published: 2012-07-01
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59811
title: Ubuntu 11.04 : linux vulnerabilities (USN-1488-1)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2012-133.NASL
description: An integer overflow flaw was found in the i915_gem_do_execbuffer() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. (CVE-2012-2384 , Moderate) A memory leak flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69623
published: 2013-09-04
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69623
title: Amazon Linux AMI : kernel (ALAS-2012-133)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20120925_KERNEL_ON_SL6_X.NASL
description: The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues :
- An integer overflow flaw was found in the i915_gem_do_execbuffer() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. (CVE-2012-2384, Moderate)
- A memory leak flaw was found in the way the Linux kernel
last seen: 2020-03-18
modified: 2012-09-27
plugin id: 62346
published: 2012-09-27
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/62346
title: Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120925)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2012-0042.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates :
- Fix bug number for commit
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79484
published: 2014-11-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79484
title: OracleVM 3.1 : kernel-uek (OVMSA-2012-0042)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2012-1481.NASL
description: Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issue:
* A flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 64062
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/64062
title: RHEL 5 : kernel (RHSA-2012:1481)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1476-1.NASL
description: Andy Adamson discovered a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59553
published: 2012-06-18
reporter: Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59553
title: USN-1476-1 : linux-ti-omap4 vulnerabilities

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2012-1174.NASL
description: From Red Hat Security Advisory 2012:1174 : Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue:
* A flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68599
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68599
title: Oracle Linux 5 : kernel (ELSA-2012-1174)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2012-1304.NASL
description: From Red Hat Security Advisory 2012:1304 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues:
* An integer overflow flaw was found in the i915_gem_do_execbuffer() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. (CVE-2012-2384, Moderate)
* A memory leak flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68630
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68630
title: Oracle Linux 6 : kernel (ELSA-2012-1304)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1473-1.NASL
description: A flaw was discovered in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59495
published: 2012-06-14
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59495
title: Ubuntu 12.04 LTS : linux vulnerabilities (USN-1473-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1493-1.NASL
description: Stephan Mueller reported a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59816
published: 2012-07-01
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59816
title: Ubuntu 8.04 LTS : linux vulnerabilities (USN-1493-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_KERNEL-8162.NASL
description: This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed:
- A memory corruption when mounting a hfsplus filesystem was fixed that could be used by local attackers able to mount filesystem to crash the system. (CVE-2012-2319)
- The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card. (CVE-2012-2313)
- The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and Oops) by accessing a long symlink on a malformed Be filesystem. (CVE-2011-2928)
- Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077)
- A BUG() error report in the nfs4xdr routines on a NFSv4 mount was fixed that could happen during mknod. (CVE-2011-4324)
- Mounting a corrupted hfs filesystem could lead to a buffer overflow. (CVE-2011-4330)
The following non-security issues have been fixed:
- kernel: pfault task state race (bnc#764128,LTC#81724).
- ap: Toleration for ap bus devices with device type 10. (bnc#761389)
- hugetlb, numa: fix interleave mpol reference count. (bnc#762111)
- cciss: fixup kdump. (bnc#730200)
- kdump: Avoid allocating bootmem map over crash reserved region. (bnc#749168, bnc#722400, bnc#742881)
- qeth: Improve OSA Express 4 blkt defaults (bnc#754964,LTC#80325).
- zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (bnc#754964,LTC#80378).
- virtio: add names to virtqueue struct, mapping from devices to queues. (bnc#742148)
- virtio: find_vqs/del_vqs virtio operations. (bnc#742148)
- virtio_pci: optional MSI-X support. (bnc#742148)
- virtio_pci: split up vp_interrupt. (bnc#742148)
- knfsd: nfsd4: fix laundromat shutdown race (752556).
- driver core: Check for valid device in bus_find_device(). (bnc#729685)
- VMware detection backport from mainline. (bnc#671124, bnc#747381)
- net: adding memory barrier to the poll and receive callbacks. (bnc#746397 / bnc#750928)
- qla2xxx: drop reference before wait for completion. (bnc#744592)
- ixgbe driver sets all WOL flags upon initialization so that machine is powered on as soon as it is switched off. (bnc#693639)
- Properly release MSI(X) vector(s) when MSI(X) gets disabled. (bnc#723294, bnc#721869)
- scsi: Always retry internal target error. (bnc#745640)
- cxgb4: fix parent device access in netdev_printk. (bnc#733155)
- lcs: lcs offline failure (bnc#752486,LTC#79788).
- qeth: add missing wake_up call (bnc#752486,LTC#79899).
- NFSD: Fill in WCC data for REMOVE, RMDIR, MKNOD, and MKDIR. (bnc#751880)
- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
- xenbus_dev: add missing error checks to watch handling.
- blkfront: properly fail packet requests. (bnc#745929)
- blkback: failure to write
last seen: 2020-06-05
modified: 2012-06-15
plugin id: 59522
published: 2012-06-15
reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59522
title: SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8162)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_KERNEL-120523.NASL
description: The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.31, fixing many bugs and security issues. Various security and bug fixes contained in the Linux 3.0 stable releases 3.0.27 up to 3.0.31 have been included, but are not explicitly listed below. The following notable security issues have been fixed:
- The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card. (CVE-2012-2313)
- A use after free bug in hugetlb support could be used by local attackers to crash the system. (CVE-2012-2133)
- Various leaks in namespace handling over fork were fixed, which could be exploited by e.g. vsftpd access by remote users. (CVE-2012-2127)
- A memory corruption when mounting a hfsplus filesystem was fixed that could be used by local attackers able to mount filesystem to crash the system. (CVE-2012-2319)
The following non security bugs have been fixed by this update:
- BTRFS
- Partial revert of truncation improvements.
- Fix eof while discarding extents.
- Check return value of bio_alloc() properly.
- Return void from clear_state_bit.
- Avoid possible use-after-free in clear_extent_bit().
- Make free_ipath() deal gracefully with NULL pointers.
- Do not call free_extent_buffer twice in iterate_irefs.
- Add missing read locks in backref.c.
- Fix max chunk size check in chunk allocator.
- Double unlock bug in error handling.
- Do not return EINTR.
- Fix btrfs_ioctl_dev_info() crash on missing device.
- Fix that check_int_data mount option was ignored.
- Do not mount when we have a sectorsize unequal to PAGE_SIZE.
- Avoid possible use-after-free in clear_extent_bit().
- Return void from clear_state_bit.
- Fix typo in free-space-cache.c.
- Remove the ideal caching code.
- Remove search_start and search_end from find_free_extent and callers.
- Adjust the write_lock_level as we unlock.
- Actually call btrfs_init_lockdep.
- Fix regression in scrub path resolving.
- Show useful info in space reservation tracepoint.
- Flush out and clean up any block device pages during mount.
- Fix deadlock during allocating chunks.
- Fix race between direct io and autodefrag.
- Fix the mismatch of page->mapping.
- Fix recursive defragment with autodefrag option.
- Add a check to decide if we should defrag the range.
- Do not bother to defrag an extent if it is a big real extent.
- Update to the right index of defragment.
- Fix use-after-free in __btrfs_end_transaction.
- Stop silently switching single chunks to raid0 on balance.
- Add wrappers for working with alloc profiles.
- Make profile_is_valid() check more strict.
- Move alloc_profile_is_valid() to volumes.c.
- Add get_restripe_target() helper.
- Add __get_block_group_index() helper.
- Improve the logic in btrfs_can_relocate().
- Validate target profiles only if we are going to use them.
- Allow dup for data chunks in mixed mode.
- Fix memory leak in resolver code.
- Fix infinite loop in btrfs_shrink_device().
- Error handling locking fixu.
- Fix uninit variable in repair_eb_io_failure.
- Always store the mirror we read the eb from.
- Do not count CRC or header errors twice while scrubbing.
- Do not start delalloc inodes during sync.
- Fix repair code for RAID10.
- Prevent root_list corruption.
- Fix block_rsv and space_info lock ordering.
- Fix space checking during fs resize.
- Avoid deadlocks from GFP_KERNEL allocations during btrfs_real_readdir().
- Reduce lock contention during extent insertion.
- Add properly locking around add_root_to_dirty_list().
- Fix mismatching struct members in ioctl.h.
- netfilter:
- nf_conntrack: make event callback registration per netns.
- DRM:
- edid: Add a workaround for 1366x768 HD panel.
- edid: Add extra_modes.
- edid: Add packed attribute to new gtf2 and cvt structs.
- edid: Add the reduced blanking DMT modes to the DMT list
- edid: Allow drm_mode_find_dmt to hunt for reduced-blanking modes.
- edid: Do drm_dmt_modes_for_range() for all range descriptor types.
- edid: Document drm_mode_find_dmt.
- edid: Fix some comment typos in the DMT mode list
- edid: Generate modes from extra_modes for range descriptors
- edid: Give the est3 mode struct a real name.
- edid: Remove a misleading comment.
- edid: Rewrite drm_mode_find_dmt search loop.
- edid: Update range descriptor struct for EDID 1.4
- edid: add missing NULL checks.
- edid: s/drm_gtf_modes_for_range/drm_dmt_modes_for_range/
- Fix kABI for drm EDID improvement patches.
- Fix the case where multiple modes are returned from EDID
- i915: Add more standard modes to LVDS output.
- i915: Disable LVDS at mode change.
- i915: add Ivy Bridge GT2 Server entries.
- i915: delay drm_irq_install() at resume.
- EDD: Check for correct EDD 3.0 length.
- XEN
- blkfront: make blkif_io_lock spinlock per-device.
- blkback: streamline main processing loop (fate#309305).
- blkback: Implement discard requests handling (fate#309305).
- blkback: Enhance discard support with secure erasing support (fate#309305).
- blkfront: Handle discard requests (fate#309305).
- blkfront: Enhance discard support with secure erasing support (fate#309305).
- blkif: support discard (fate#309305).
- blkif: Enhance discard support with secure erasing support (fate#309305).
- xen/smpboot: adjust ordering of operations.
- x86-64: provide a memset() that can deal with 4Gb or above at a time.
- Update Xen patches to 3.0.27.
- Update Xen patches to 3.0.31.
- xen: fix VM_FOREIGN users after c/s 878:eba6fe6d8d53.
- xen/gntdev: fix multi-page slot allocation.
- TG3
- Avoid panic from reserved statblk field access.
- Fix 5717 serdes powerdown problem.
- Fix RSS ring refill race condition.
- Fix single-vector MSI-X code.
- fix ipv6 header length computation.
- S/390
- dasd: Fix I/O stall when reserving dasds.
- af_iucv: detect down state of HS transport interface (LTC#80859).
- af_iucv: allow shutdown for HS transport sockets (LTC#80860).
- mm: s390: Fix BUG by using __set_page_dirty_no_writeback on swap.
- qeth: Improve OSA Express 4 blkt defaults (LTC#80325).
- zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (LTC#80378).
- zfcpdump: Implement async sdias event processing (LTC#81330).
- ALSA
- hda: Always resume the codec immediately.
- hda: Add Creative CA0132 HDA codec support.
- hda: Fix error handling in patch_ca0132.c.
- hda: Add the support for Creative SoundCore3D.
- OTHER
- ixgbe: fix ring assignment issues for SR-IOV and drop cases.
- ixgbe: add missing rtnl_lock in PM resume path.
- MCE, AMD: Drop too granulary family model checks.
- EDAC, MCE, AMD: Print CPU number when reporting the error.
- EDAC, MCE, AMD: Print valid addr when reporting an error.
- libata: skip old error history when counting probe trials.
- x86: kdb: restore kdb stack trace.
- ehea: fix allmulticast support,
- ehea: fix promiscuous mode.
- ehea: only register irq after setting up ports.
- ehea: fix losing of NEQ events when one event occurred early.
- scsi: Silence unnecessary warnings about ioctl to partition.
- scsi_dh_rdac: Update match function to check page C8.
- scsi_dh_rdac: Add new NetApp IDs.
- bluetooth: Add support for Foxconn/Hon Hai AR5BBU22 0489:E03C.
- x86/amd: Add missing feature flag for fam15h models 10h-1fh processors.
- x86: Report cpb and eff_freq_ro flags correctly.
- x86, amd: Fix up numa_node information for AMD CPU family 15h model 0-0fh northbridge functions.
- x86/PCI: amd: Kill misleading message about enablement of IO access to PCI ECS.
- cdc-wdm: fix race leading leading to memory corruption.
- tlan: add cast needed for proper 64 bit operation.
- bonding:update speed/duplex for NETDEV_CHANGE.
- bonding: comparing a u8 with -1 is always false.
- bonding: start slaves with link down for ARP monitor.
- bonding: do not increase rx_dropped after processing LACPDUs
- x86: fix the initialization of physnode_map.
- sched,rt: fix isolated CPUs leaving root_task_group indefinitely throttled.
- Fix SLE11-SP1->SLE11-SP2 interrupt latency regression. Note that this change trades an approximately 400% latency regression fix for power consumption progression that skew removal bought (at high cost).
- Revert mainline 0209f649
- rcu: limit rcu_node leaf-level fanout.
- md: fix possible corruption of array metadata on shutdown.
- md/bitmap: prevent bitmap_daemon_work running while initialising bitmap.
- md: ensure changes to write-mostly are reflected in metadata.
- cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler.
- procfs, namespace, pid_ns: fix leakage upon fork() failure.
- mqueue: fix a vfsmount longterm reference leak.
- procfs: fix a vfsmount longterm reference leak.
- scsi_dh_alua: Optimize stpg command.
- scsi_dh_alua: Store pref bit from RTPG.
- scsi_dh_alua: set_params interface.
- uwb: fix error handling.
- uwb: fix use of del_timer_sync() in interrupt.
- usbhid: fix error handling of not enough bandwidth.
- mm: Improve preservation of page-age information
- pagecache limit: Fix the shmem deadlock.
- USB: sierra: add support for Sierra Wireless MC7710.
- USB: fix resource leak in xhci power loss path.
- x86/iommu/intel: Fix identity mapping for sandy bridge.
- ipv6: Check dest prefix length on original route not copied one in rt6_alloc_cow().
- ipv6: do not use inetpeer to store metrics for routes.
- ipv6: fix problem with expired dst cache.
- ipv6: unshare inetpeers.
- bridge: correct IPv6 checksum after pull.
- scsi: storvsc: Account for in-transit packets in the RESET path.
- patches.fixes/mm-mempolicy.c-fix-pgoff-in-mbind-vma-merge.patch:
- patches.fixes/mm-mempolicy.c-refix-mbind_range-vma-issue.patch: Fix vma merging issue during mbind affecting JVMs.
- ACPI, APEI: Fix incorrect APEI register bit width check and usage.
- vmxnet3: cap copy length at size of skb to prevent dropped frames on tx.
- rt2x00: rt2x00dev: move rfkill_polling register to proper place.
- pagecache: fix the BUG_ON safety belt
- pagecache: Fixed the GFP_NOWAIT is zero and not suitable for tests bug
- igb: reset PHY after recovering from PHY power down.
- igb: fix rtnl race in PM resume path.
- watchdog: iTCO_wdt.c - problems with newer hardware due to SMI clearing.
- watchdog: iTCO_wdt.c - problems with newer hardware due to SMI clearing redhat#727875).
- cfq-iosched: Reduce linked group count upon group destruction.
- cdc_ether: Ignore bogus union descriptor for RNDIS devices.
- sys_poll: fix incorrect type for timeout parameter.
- staging:rts_pstor:Avoid
last seen: 2020-06-05
modified: 2013-01-25
plugin id: 64174
published: 2013-01-25
reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/64174
title: SuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 6338 / 6345 / 6349)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-2507.NASL
description: The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68847
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68847
title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2012-1174-1.NASL
description: From Red Hat Security Advisory 2012:1174 : Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue:
* A flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68598
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/68598
title: Oracle Linux 5 : kernel (ELSA-2012-1174-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1492-1.NASL
description: Stephan Mueller reported a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59815
published: 2012-07-01
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59815
title: Ubuntu 10.04 LTS : linux vulnerabilities (USN-1492-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1491-1.NASL
description: Stephan Mueller reported a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59814
published: 2012-07-01
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59814
title: Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1491-1)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2012-2035.NASL
description: Description of changes: kernel-uek [2.6.32-300.32.3.el6uek]
- dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313}
- hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390}
- rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430}
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68682
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68682
title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2035)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1471-1.NASL
description: Andy Adamson discovered a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59475
published: 2012-06-13
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59475
title: Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1471-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1490-1.NASL
description: Stephan Mueller reported a flaw in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59813
published: 2012-07-01
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59813
title: Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1490-1)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2012-78.NASL
description: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69685
published: 2013-09-04
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69685
title: Amazon Linux AMI : kernel (ALAS-2012-78)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2012-2034.NASL
description: Description of changes: [2.6.39-200.32.1.el6uek]
- dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14680245] {CVE-2012-2313}
- hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14680284] {CVE-2012-2390}
- rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14680018] {CVE-2012-3430}
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68681
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68681
title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2034)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2012-1174.NASL
description: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue:
* A flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61618
published: 2012-08-22
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/61618
title: RHEL 5 : kernel (RHSA-2012:1174)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2012-1185.NASL
description: An updated rhev-hypervisor5 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-3406) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers:
CVE-2012-3817 (bind issue)
CVE-2012-3571 (dhcp issue)
CVE-2012-2313 (kernel issue)
CVE-2012-0441 (nss issue)
CVE-2012-2337 and CVE-2012-3440 (sudo issues)
CVE-2012-2625 (xen issue)
Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78930
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78930
title: RHEL 5 : rhev-hypervisor5 (RHSA-2012:1185)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1474-1.NASL
description: A flaw was discovered in the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59496
published: 2012-06-14
reporter: Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59496
title: USN-1474-1 : linux-ti-omap4 vulnerabilities
References
- http://www.openwall.com/lists/oss-security/2012/05/04/8
- https://bugzilla.redhat.com/show_bug.cgi?id=818820
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.7
- https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75
- http://rhn.redhat.com/errata/RHSA-2012-1174.html
- http://rhn.redhat.com/errata/RHSA-2012-1589.html
- http://rhn.redhat.com/errata/RHSA-2012-1481.html
- http://www.securityfocus.com/bid/53965
- http://rhn.redhat.com/errata/RHSA-2012-1541.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://marc.info/?l=bugtraq&m=139447903326211&w=2
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1bb57e940e1958e40d51f2078f50c3a96a9b2d75