Vulnerabilities > CVE-2012-3412 - Numeric Errors vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2039.NASL description Description of changes: [2.6.39-200.33.1.el6uek] - sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994] - CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412} last seen 2020-06-01 modified 2020-06-02 plugin id 68684 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68684 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2039) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Oracle Linux Security Advisory ELSA-2012-2039. # include("compat.inc"); if (description) { script_id(68684); script_version("1.12"); script_cvs_date("Date: 2019/09/30 10:58:18"); script_cve_id("CVE-2012-3412"); script_bugtraq_id(54763); script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2039)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Description of changes: [2.6.39-200.33.1.el6uek] - sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994] - CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412}" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-October/003084.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-October/003085.html" ); script_set_attribute( attribute:"solution", value:"Update the affected unbreakable enterprise kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2012-3412"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2012-2039"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.39-200.33.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.39-200.33.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.39-200.33.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.39-200.33.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.39-200.33.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.39-200.33.1.el5uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-200.33.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-200.33.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-200.33.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-200.33.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-200.33.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-200.33.1.el6uek")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-700.NASL description This kernel update to 3.4.11 fixes various bugs and security issues. The changes up to 3.4.11 contain both security and bugfixes and are not explicitly listed here. Following security issues were fixed: CVE-2012-3520: Force passing credentials, otherwise local services could be fooled to assume requests coming from root. CVE-2012-3412: Do not allow extreme TSO parameters in the sfc driver and tcp stack. Following non-security bugs were fixed : - nbd: clear waiting_queue on shutdown (bnc#778630). - NFS: avoid warning from nfs_drop_nlink (bnc#780624). - net: do not disable sg for packets requiring no checksum (bnc#774859). - sfc: Fix maximum number of TSO segments and minimum TX queue size (bnc#774523 CVE-2012-3412). - net: Allow driver to limit number of GSO segments per skb (bnc#774523 CVE-2012-3412). - drm/nouveau: fix booting with plymouth + dumb support (bnc#771392). - memcg: warn on deeper hierarchies with use_hierarchy==0 (bnc#781134). - Linux 3.4.11. - Update config files. - Refresh patches.suse/scsi-error-test-unit-ready-timeout. - Btrfs: fix tree log remove space corner case (bnc#779432) - irq_remap: disable IRQ remapping if any IOAPIC lacks an IOMMU. - Linux 3.4.10. - Linux 3.4.9. - kABI: protect struct irq_desc. - Linux 3.4.8. - kABI: sdhci, remove inclusion. - reiserfs: fix deadlock with nfs racing on create/lookup (bnc#762693). - Properly update Xen patches to 3.4.7. - Refresh other Xen patches (bnc#772831). - config: enable various ARM errata workarounds to improve stability - Import kabi files for 12.2 - rpm/config.sh: Build the KOTD against 12.2 - ASoC: omap: Add missing modules aliases to get sound working on omap devices. - Update config files to fix build - rt2800: add chipset revision RT5390R support (bnc#772566). - reiserfs: fix deadlocks with quotas - ACPI, APEI: Fixup common access width firmware bug (bnc#765230). - i2c/busses: Fix build error if CONFIG_I2C_DESIGNWARE_PLATFORM=y and CONFIG_I2C_DESIGN. - Update ARM configs to match kernel 3.4.7 - Update ARM omap2plus config to match kernel 3.4.7 and add Smartreflex support (auto voltage) - ALSA: hda - Fix mute-LED GPIO initialization for IDT codecs (bnc#772923). - ALSA: hda - Fix polarity of mute LED on HP Mini 210 (bnc#772923). - Linux 3.4.7. - Refresh patches.suse/dm-raid45-26-Nov-2009.patch. - Enable RTL8150 for omap2plus Generic USB Network device that also works fine on ARM, so enable it - update RNDIS_OID_GEN_RNDIS_CONFIG_PARAMETER patch name - Drivers: hv: Cleanup the guest ID computation. - hyperv: Add a check for ring_size value. - hyperv: Add error handling to rndis_filter_device_add(). - Drivers: hv: Change the hex constant to a decimal constant. - hyperv: Add support for setting MAC from within guests. - net/hyperv: Use wait_event on outstanding sends during device removal. - hv: add RNDIS_OID_GEN_RNDIS_CONFIG_PARAMETER. - Refresh patches.suse/SUSE-bootsplash. Fix wrong vfree() (bnc#773406) last seen 2020-06-05 modified 2014-06-13 plugin id 74778 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74778 title openSUSE Security Update : kernel (openSUSE-SU-2012:1330-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-700. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74778); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-3412", "CVE-2012-3520"); script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2012:1330-1)"); script_summary(english:"Check for the openSUSE-2012-700 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This kernel update to 3.4.11 fixes various bugs and security issues. The changes up to 3.4.11 contain both security and bugfixes and are not explicitly listed here. Following security issues were fixed: CVE-2012-3520: Force passing credentials, otherwise local services could be fooled to assume requests coming from root. CVE-2012-3412: Do not allow extreme TSO parameters in the sfc driver and tcp stack. Following non-security bugs were fixed : - nbd: clear waiting_queue on shutdown (bnc#778630). - NFS: avoid warning from nfs_drop_nlink (bnc#780624). - net: do not disable sg for packets requiring no checksum (bnc#774859). - sfc: Fix maximum number of TSO segments and minimum TX queue size (bnc#774523 CVE-2012-3412). - net: Allow driver to limit number of GSO segments per skb (bnc#774523 CVE-2012-3412). - drm/nouveau: fix booting with plymouth + dumb support (bnc#771392). - memcg: warn on deeper hierarchies with use_hierarchy==0 (bnc#781134). - Linux 3.4.11. - Update config files. - Refresh patches.suse/scsi-error-test-unit-ready-timeout. - Btrfs: fix tree log remove space corner case (bnc#779432) - irq_remap: disable IRQ remapping if any IOAPIC lacks an IOMMU. - Linux 3.4.10. - Linux 3.4.9. - kABI: protect struct irq_desc. - Linux 3.4.8. - kABI: sdhci, remove inclusion. - reiserfs: fix deadlock with nfs racing on create/lookup (bnc#762693). - Properly update Xen patches to 3.4.7. - Refresh other Xen patches (bnc#772831). - config: enable various ARM errata workarounds to improve stability - Import kabi files for 12.2 - rpm/config.sh: Build the KOTD against 12.2 - ASoC: omap: Add missing modules aliases to get sound working on omap devices. - Update config files to fix build - rt2800: add chipset revision RT5390R support (bnc#772566). - reiserfs: fix deadlocks with quotas - ACPI, APEI: Fixup common access width firmware bug (bnc#765230). - i2c/busses: Fix build error if CONFIG_I2C_DESIGNWARE_PLATFORM=y and CONFIG_I2C_DESIGN. - Update ARM configs to match kernel 3.4.7 - Update ARM omap2plus config to match kernel 3.4.7 and add Smartreflex support (auto voltage) - ALSA: hda - Fix mute-LED GPIO initialization for IDT codecs (bnc#772923). - ALSA: hda - Fix polarity of mute LED on HP Mini 210 (bnc#772923). - Linux 3.4.7. - Refresh patches.suse/dm-raid45-26-Nov-2009.patch. - Enable RTL8150 for omap2plus Generic USB Network device that also works fine on ARM, so enable it - update RNDIS_OID_GEN_RNDIS_CONFIG_PARAMETER patch name - Drivers: hv: Cleanup the guest ID computation. - hyperv: Add a check for ring_size value. - hyperv: Add error handling to rndis_filter_device_add(). - Drivers: hv: Change the hex constant to a decimal constant. - hyperv: Add support for setting MAC from within guests. - net/hyperv: Use wait_event on outstanding sends during device removal. - hv: add RNDIS_OID_GEN_RNDIS_CONFIG_PARAMETER. - Refresh patches.suse/SUSE-bootsplash. Fix wrong vfree() (bnc#773406)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=762693" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765230" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=771392" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772831" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772923" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=773406" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=774523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=774859" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=776925" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=778630" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779432" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=780624" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=781134" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-10/msg00045.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-source-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-source-vanilla-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kernel-syms-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-extra-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-extra-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-extra-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-extra-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-base-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-debugsource-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-devel-3.4.11-2.16.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.4.11-2.16.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1375.NASL description An updated rhev-hypervisor6 package that fixes one security issue and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. This updated package provides updated components that include a fix for one security issue. This issue had no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fix included in this update addresses the following CVE number : CVE-2012-4423 (libvirt issue) This update also fixes the following bug : * A dependency issue was found between the rhev-hypervisor-tools and rhev-hypervisor6-tools packages. Every time a user with one of the -tools packages installed ran last seen 2020-06-01 modified 2020-06-02 plugin id 78938 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78938 title RHEL 6 : rhev-hypervisor6 (RHSA-2012:1375) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1375. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(78938); script_version("1.12"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-3412"); script_bugtraq_id(54763); script_xref(name:"RHSA", value:"2012:1375"); script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2012:1375)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated rhev-hypervisor6 package that fixes one security issue and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. This updated package provides updated components that include a fix for one security issue. This issue had no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fix included in this update addresses the following CVE number : CVE-2012-4423 (libvirt issue) This update also fixes the following bug : * A dependency issue was found between the rhev-hypervisor-tools and rhev-hypervisor6-tools packages. Every time a user with one of the -tools packages installed ran 'yum update', the -tools package they had installed was removed and the other one installed. Even though rhev-hypervisor-tools obsoleted rhev-hypervisor6-tools, this update includes an updated rhev-hypervisor6-tools package that corrects this issue. Note that the package does not have meaningful content, is only here to fix the dependency issue, and may be removed by a future update. (BZ#855391) This update includes the ovirt-node build from RHBA-2012:1374 : https://rhn.redhat.com/errata/RHBA-2012-1374.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues." ); # https://rhn.redhat.com/errata/RHBA-2012-1374.html script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHBA-2012:1374" ); # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2be17ee0" ); # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b5caa05f" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1375" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3412" ); script_set_attribute( attribute:"solution", value: "Update the affected rhev-hypervisor6 and / or rhev-hypervisor6-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:1375"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.3-20121012.0.el6_3")) flag++; if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-tools-6.3-20121012.0.el6_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6 / rhev-hypervisor6-tools"); } }NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-176.NASL description The Linux kernel was updated to fix various bugs and security issues : CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0160: Avoid a side channel attack on /dev/ptmx (keyboard input timing). CVE-2012-5374: Fixed a local denial of service in the BTRFS hashing code. CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux kernel, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-0957: The override_release function in kernel/sys.c in the Linux kernel allowed local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-4508: Race condition in fs/ext4/extents.c in the Linux kernel allowed local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel provided an invalid replacement session keyring to a child process, which allowed local users to cause a denial of service (panic) via a crafted application that uses the fork system call. CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel did not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allowed local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. last seen 2020-06-05 modified 2014-06-13 plugin id 74914 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74914 title openSUSE Security Update : kernel (openSUSE-SU-2013:0396-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-176. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74914); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-0957", "CVE-2012-2745", "CVE-2012-3375", "CVE-2012-3400", "CVE-2012-3412", "CVE-2012-4508", "CVE-2012-4530", "CVE-2012-5374", "CVE-2013-0160", "CVE-2013-0216", "CVE-2013-0231", "CVE-2013-0268", "CVE-2013-0309", "CVE-2013-0871"); script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2013:0396-1)"); script_summary(english:"Check for the openSUSE-2013-176 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The Linux kernel was updated to fix various bugs and security issues : CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0160: Avoid a side channel attack on /dev/ptmx (keyboard input timing). CVE-2012-5374: Fixed a local denial of service in the BTRFS hashing code. CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux kernel, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-0957: The override_release function in kernel/sys.c in the Linux kernel allowed local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-4508: Race condition in fs/ext4/extents.c in the Linux kernel allowed local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel provided an invalid replacement session keyring to a child process, which allowed local users to cause a denial of service (panic) via a crafted application that uses the fork system call. CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel did not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allowed local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=714906" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=720226" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=733148" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=755546" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=762693" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765524" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=768506" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769784" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=770695" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=773406" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=773831" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=774285" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=774523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=774859" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=776144" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=778630" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779432" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=781134" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=783515" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=784192" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=786013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=787168" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=792500" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=793671" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797175" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=799209" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=800280" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=801178" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=801782" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=802153" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=802642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=804154" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=804652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=804738" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-03/msg00013.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"kernel-debug-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-debug-base-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-debug-base-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-debug-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-debug-debugsource-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-debug-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-debug-devel-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-default-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-default-base-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-default-base-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-default-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-default-debugsource-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-default-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-default-devel-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-desktop-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-desktop-base-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-desktop-base-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-desktop-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-desktop-debugsource-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-desktop-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-desktop-devel-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-base-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-base-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-debugsource-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-devel-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-extra-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-ec2-extra-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-pae-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-pae-base-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-pae-base-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-pae-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-pae-debugsource-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-pae-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-pae-devel-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-source-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-source-vanilla-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-syms-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-trace-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-trace-base-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-trace-base-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-trace-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-trace-debugsource-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-trace-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-trace-devel-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-vanilla-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-vanilla-base-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-vanilla-base-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-vanilla-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-vanilla-debugsource-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-vanilla-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-vanilla-devel-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-xen-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-xen-base-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-xen-base-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-xen-debuginfo-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-xen-debugsource-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-xen-devel-3.1.10-1.19.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"kernel-xen-devel-debuginfo-3.1.10-1.19.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-14051-1.NASL description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: CVE-2019-9213: The expand_downwards function in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). CVE-2013-0216: The Xen netback functionality allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption (bnc#800280). CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (bnc#801178). CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c did not initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a recvfrom or recvmsg system call on an RDS socket (bnc#773383). CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value (bnc#774523). CVE-2013-0160: The kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device (bnc#797175). CVE-2013-1979: The scm_set_cred function in include/net/scm.h uses incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application (bnc#816708). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125250 published 2019-05-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125250 title SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14051-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:14051-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125250); script_version("1.2"); script_cvs_date("Date: 2019/05/17 14:32:38"); script_cve_id("CVE-2012-3412", "CVE-2012-3430", "CVE-2013-0160", "CVE-2013-0216", "CVE-2013-0231", "CVE-2013-1979", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-9213"); script_bugtraq_id(54702, 54763, 57176, 57740, 57743, 59538); script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14051-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: CVE-2019-9213: The expand_downwards function in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). CVE-2013-0216: The Xen netback functionality allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption (bnc#800280). CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (bnc#801178). CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c did not initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a recvfrom or recvmsg system call on an RDS socket (bnc#773383). CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value (bnc#774523). CVE-2013-0160: The kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device (bnc#797175). CVE-2013-1979: The scm_set_cred function in include/net/scm.h uses incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application (bnc#816708). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082943" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1094244" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1103186" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106886" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110436" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1111331" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1117515" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119019" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1127082" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1127376" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1127445" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1127534" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1127738" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1128166" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1128383" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129248" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129437" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129439" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130353" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130384" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131587" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132589" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=773383" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=774523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=797175" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=800280" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=801178" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=816708" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-3412/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-3430/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-0160/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-0216/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-0231/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-1979/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12126/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12127/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12130/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11091/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9213/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/support/kb/doc/?id=7023736" ); # https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d083dd81" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch slessp4-kernel-20190508-14051=1 SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch slexsp3-kernel-20190508-14051=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-kernel-20190508-14051=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:X/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/17"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); # Temp disable exit(0, 'Temporarily disabled.'); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"kernel-default-man-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-base-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-devel-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-source-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-syms-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-base-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-devel-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-base-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-base-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-devel-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-base-3.0.101-108.90.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-devel-3.0.101-108.90.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2038.NASL description Description of changes: kernel-uek [2.6.32-300.37.1.el6uek] - sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994] - CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412} [2.6.32-300.36.1.el6uek] - dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313} - hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390} - rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430} [2.6.32-300.35.1.el6uek] - oracleasm: Bring driver in sync with UEK2 (Martin K. Petersen) - Fix system hang due to bad protection module parameters (CR 130769) (Martin K. Petersen) - sd: Avoid remapping bad reference tags (Martin K. Petersen) - block: Fix bad range check in bio_sector_offset (Martin K. Petersen) [2.6.32-300.34.1.el6uek] - htrimer: fix kabi breakage (Joe Jin) - 2.6.32.x: timekeeping: Add missing update call in timekeeping_resume() (Thomas Gleixner) - 2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt (John Stultz) - 2.6.32.x: timekeeping: Provide hrtimer update function (Thomas Gleixner) - 2.6.32.x: hrtimers: Move lock held region in hrtimer_interrupt() (Thomas Gleixner) - 2.6.32.x: timekeeping: Maintain ktime_t based offsets for hrtimers (Thomas Gleixner) - 2.6.32.x: timekeeping: Fix leapsecond triggered load spike issue (John Stultz) - 2.6.32.x: hrtimer: Provide clock_was_set_delayed() (John Stultz) - 2.6.32.x: time: Move common updates to a function (Thomas Gleixner) - 2.6.32.x: timekeeping: Fix CLOCK_MONOTONIC inconsistency during leapsecond (John Stultz) - 2.6.32.x: ntp: Correct TAI offset during leap second (Richard Cochran) - 2.6.32.x: ntp: Fix leap-second hrtimer livelock (John Stultz) - Revert last seen 2020-06-01 modified 2020-06-02 plugin id 68683 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68683 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2038) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Oracle Linux Security Advisory ELSA-2012-2038. # include("compat.inc"); if (description) { script_id(68683); script_version("1.13"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2012-2313", "CVE-2012-2390", "CVE-2012-3412", "CVE-2012-3430"); script_bugtraq_id(53668, 53965, 54702, 54763); script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2038)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Description of changes: kernel-uek [2.6.32-300.37.1.el6uek] - sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994] - CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412} [2.6.32-300.36.1.el6uek] - dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313} - hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390} - rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430} [2.6.32-300.35.1.el6uek] - oracleasm: Bring driver in sync with UEK2 (Martin K. Petersen) - Fix system hang due to bad protection module parameters (CR 130769) (Martin K. Petersen) - sd: Avoid remapping bad reference tags (Martin K. Petersen) - block: Fix bad range check in bio_sector_offset (Martin K. Petersen) [2.6.32-300.34.1.el6uek] - htrimer: fix kabi breakage (Joe Jin) - 2.6.32.x: timekeeping: Add missing update call in timekeeping_resume() (Thomas Gleixner) - 2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt (John Stultz) - 2.6.32.x: timekeeping: Provide hrtimer update function (Thomas Gleixner) - 2.6.32.x: hrtimers: Move lock held region in hrtimer_interrupt() (Thomas Gleixner) - 2.6.32.x: timekeeping: Maintain ktime_t based offsets for hrtimers (Thomas Gleixner) - 2.6.32.x: timekeeping: Fix leapsecond triggered load spike issue (John Stultz) - 2.6.32.x: hrtimer: Provide clock_was_set_delayed() (John Stultz) - 2.6.32.x: time: Move common updates to a function (Thomas Gleixner) - 2.6.32.x: timekeeping: Fix CLOCK_MONOTONIC inconsistency during leapsecond (John Stultz) - 2.6.32.x: ntp: Correct TAI offset during leap second (Richard Cochran) - 2.6.32.x: ntp: Fix leap-second hrtimer livelock (John Stultz) - Revert '2.6.32.x: hrtimer: Fix clock_was_set so it is safe to call from irq context' (Joe Jin) - Revert '2.6.32.x: time: Fix leapsecond triggered hrtimer/futex load spike issue' (Joe Jin) - Revert '2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt' (Joe Jin) [2.6.32-300.33.1.el6uek] - mpt2sas: Update mpt2sas to 120.105.11.00 (Guru Anbalagane) [Orabug: 14376481] - Revert 'mpt2sas: update to 12.105.11.00' (Maxim Uvarov)" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-October/003086.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-October/003090.html" ); script_set_attribute( attribute:"solution", value:"Update the affected unbreakable enterprise kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.37.1.el5uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.37.1.el5uekdebug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.37.1.el6uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.37.1.el6uekdebug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-300.37.1.el5uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-300.37.1.el5uekdebug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-300.37.1.el6uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-300.37.1.el6uekdebug"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/13"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2012-2313", "CVE-2012-2390", "CVE-2012-3412", "CVE-2012-3430"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2012-2038"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.32-300.37.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.32-300.37.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.32-300.37.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.32-300.37.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.32-300.37.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.32-300.37.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-headers-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-headers-2.6.32-300.37.1.el5uek")) flag++; if (rpm_check(release:"EL5", reference:"mlnx_en-2.6.32-300.37.1.el5uek-1.5.7-2")) flag++; if (rpm_check(release:"EL5", reference:"mlnx_en-2.6.32-300.37.1.el5uekdebug-1.5.7-2")) flag++; if (rpm_check(release:"EL5", reference:"ofa-2.6.32-300.37.1.el5uek-1.5.1-4.0.58")) flag++; if (rpm_check(release:"EL5", reference:"ofa-2.6.32-300.37.1.el5uekdebug-1.5.1-4.0.58")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.32-300.37.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.32-300.37.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.32-300.37.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.32-300.37.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.32-300.37.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.32-300.37.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-headers-2.6.32-300.37.1.el6uek")) flag++; if (rpm_check(release:"EL6", reference:"mlnx_en-2.6.32-300.37.1.el6uek-1.5.7-0.1")) flag++; if (rpm_check(release:"EL6", reference:"mlnx_en-2.6.32-300.37.1.el6uekdebug-1.5.7-0.1")) flag++; if (rpm_check(release:"EL6", reference:"ofa-2.6.32-300.37.1.el6uek-1.5.1-4.0.58")) flag++; if (rpm_check(release:"EL6", reference:"ofa-2.6.32-300.37.1.el6uekdebug-1.5.1-4.0.58")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1568-1.NASL description Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62112 published 2012-09-15 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62112 title Ubuntu 11.10 : linux vulnerabilities (USN-1568-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1568-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(62112); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-3412", "CVE-2012-3430"); script_bugtraq_id(54702, 54763); script_xref(name:"USN", value:"1568-1"); script_name(english:"Ubuntu 11.10 : linux vulnerabilities (USN-1568-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1568-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2012-3412", "CVE-2012-3430"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1568-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-26-generic", pkgver:"3.0.0-26.42")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-26-generic-pae", pkgver:"3.0.0-26.42")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-26-server", pkgver:"3.0.0-26.42")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-26-virtual", pkgver:"3.0.0-26.42")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.0-generic / linux-image-3.0-generic-pae / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1572-1.NASL description Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430) A flaw was discovered in the madvise feature of the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 62199 published 2012-09-19 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62199 title Ubuntu 10.04 LTS : linux vulnerabilities (USN-1572-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1572-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(62199); script_version("1.10"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3511"); script_xref(name:"USN", value:"1572-1"); script_name(english:"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1572-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430) A flaw was discovered in the madvise feature of the Linux kernel's memory subsystem. An unprivileged local use could exploit the flaw to cause a denial of service (crash the system). (CVE-2012-3511). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1572-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3511"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1572-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-43-386", pkgver:"2.6.32-43.97")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-43-generic", pkgver:"2.6.32-43.97")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-43-generic-pae", pkgver:"2.6.32-43.97")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-43-lpia", pkgver:"2.6.32-43.97")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-43-preempt", pkgver:"2.6.32-43.97")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-43-server", pkgver:"2.6.32-43.97")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-43-versatile", pkgver:"2.6.32-43.97")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-43-virtual", pkgver:"2.6.32-43.97")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-386 / linux-image-2.6-generic / etc"); }NASL family Scientific Linux Local Security Checks NASL id SL_20121016_KERNEL_ON_SL6_X.NASL description This update fixes the following security issue : - A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) This update also fixes several bugs. The system must be rebooted for this update to take effect. last seen 2020-03-18 modified 2012-10-18 plugin id 62616 published 2012-10-18 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62616 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20121016) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(62616); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2012-3412"); script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20121016)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following security issue : - A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) This update also fixes several bugs. The system must be rebooted for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1210&L=scientific-linux-errata&T=0&P=2413 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?501bd683" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"kernel-2.6.32-279.11.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-279.11.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-279.11.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-279.11.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-279.11.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-279.11.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-279.11.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"perf-2.6.32-279.11.1.el6")) flag++; if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-279.11.1.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc"); }NASL family Scientific Linux Local Security Checks NASL id SL_20121002_KERNEL_ON_SL5_X.NASL description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) - A use-after-free flaw was found in the xacct_add_tsk() function in the Linux kernel last seen 2020-03-18 modified 2012-10-04 plugin id 62428 published 2012-10-04 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62428 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121002) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(62428); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-2319", "CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3510"); script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121002)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) - A use-after-free flaw was found in the xacct_add_tsk() function in the Linux kernel's taskstats subsystem. A local, unprivileged user could use this flaw to cause an information leak or a denial of service. (CVE-2012-3510, Moderate) - A buffer overflow flaw was found in the hfs_bnode_read() function in the HFS Plus (HFS+) file system implementation in the Linux kernel. A local user able to mount a specially crafted HFS+ file system image could use this flaw to cause a denial of service or escalate their privileges. (CVE-2012-2319, Low) - A flaw was found in the way the msg_namelen variable in the rds_recvmsg() function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation was initialized. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low) This update also fixes the following bugs : - The cpuid_whitelist() function, masking the Enhanced Intel SpeedStep (EST) flag from all guests, prevented the 'cpuspeed' service from working in the privileged Xen domain (dom0). CPU scaling was therefore not possible. With this update, cpuid_whitelist() is aware whether the domain executing CPUID is privileged or not, and enables the EST flag for dom0. - If a delayed-allocation write was performed before quota was enabled, the kernel displayed the following warning message : WARNING: at fs/quota/dquot.c:988 dquot_claim_space+0x77/0x112() This was because information about the delayed allocation was not recorded in the quota structure. With this update, writes prior to enabling quota are properly accounted for, and the message is not displayed. - Some subsystems clear the TIF_SIGPENDING flag during error handling in fork() paths. Previously, if the flag was cleared, the ERESTARTNOINTR error code could be returned. The underlying source code has been modified so that the error code is no longer returned. - An unnecessary check for the RXCW.CW bit could cause the Intel e1000e NIC (Network Interface Controller) to not work properly. The check has been removed so that the Intel e1000e NIC works as expected. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1210&L=scientific-linux-errata&T=0&P=1097 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?34d53d90" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-aufs-2.6.18-308.16.1.el5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-aufs-2.6.18-308.16.1.el5PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-aufs-2.6.18-308.16.1.el5xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-ipw3945-2.6.18-308.16.1.el5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-ipw3945-2.6.18-308.16.1.el5PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-ipw3945-2.6.18-308.16.1.el5xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-ndiswrapper-2.6.18-308.16.1.el5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-ndiswrapper-2.6.18-308.16.1.el5PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-ndiswrapper-2.6.18-308.16.1.el5xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.16.1.el5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.16.1.el5PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.16.1.el5xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-xfs-2.6.18-308.16.1.el5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-xfs-2.6.18-308.16.1.el5PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-module-xfs-2.6.18-308.16.1.el5xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"kernel-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-module-aufs-2.6.18-308.16.1.el5-0.20090202.cvs-6.sl5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-aufs-2.6.18-308.16.1.el5PAE-0.20090202.cvs-6.sl5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-module-aufs-2.6.18-308.16.1.el5xen-0.20090202.cvs-6.sl5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-module-ipw3945-2.6.18-308.16.1.el5-1.2.0-2.sl5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-ipw3945-2.6.18-308.16.1.el5PAE-1.2.0-2.sl5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-module-ipw3945-2.6.18-308.16.1.el5xen-1.2.0-2.sl5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-module-ndiswrapper-2.6.18-308.16.1.el5-1.55-1.SL")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-ndiswrapper-2.6.18-308.16.1.el5PAE-1.55-1.SL")) flag++; if (rpm_check(release:"SL5", reference:"kernel-module-ndiswrapper-2.6.18-308.16.1.el5xen-1.55-1.SL")) flag++; if (rpm_check(release:"SL5", reference:"kernel-module-openafs-2.6.18-308.16.1.el5-1.4.14-80.1.sl5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-openafs-2.6.18-308.16.1.el5PAE-1.4.14-80.1.sl5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-module-openafs-2.6.18-308.16.1.el5xen-1.4.14-80.1.sl5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-xfs-2.6.18-308.16.1.el5-0.4-2.sl5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-xfs-2.6.18-308.16.1.el5PAE-0.4-2.sl5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-xfs-2.6.18-308.16.1.el5xen-0.4-2.sl5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-308.16.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1323.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) * A use-after-free flaw was found in the xacct_add_tsk() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 62431 published 2012-10-05 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62431 title CentOS 5 : kernel (CESA-2012:1323) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1323 and # CentOS Errata and Security Advisory 2012:1323 respectively. # include("compat.inc"); if (description) { script_id(62431); script_version("1.10"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2012-2319", "CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3510"); script_bugtraq_id(53401, 54702, 54763, 55144); script_xref(name:"RHSA", value:"2012:1323"); script_name(english:"CentOS 5 : kernel (CESA-2012:1323)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) * A use-after-free flaw was found in the xacct_add_tsk() function in the Linux kernel's taskstats subsystem. A local, unprivileged user could use this flaw to cause an information leak or a denial of service. (CVE-2012-3510, Moderate) * A buffer overflow flaw was found in the hfs_bnode_read() function in the HFS Plus (HFS+) file system implementation in the Linux kernel. A local user able to mount a specially crafted HFS+ file system image could use this flaw to cause a denial of service or escalate their privileges. (CVE-2012-2319, Low) * A flaw was found in the way the msg_namelen variable in the rds_recvmsg() function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation was initialized. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting CVE-2012-3412, and Alexander Peslyak for reporting CVE-2012-3510. The CVE-2012-3430 issue was discovered by the Red Hat InfiniBand team. This update also fixes the following bugs : * The cpuid_whitelist() function, masking the Enhanced Intel SpeedStep (EST) flag from all guests, prevented the 'cpuspeed' service from working in the privileged Xen domain (dom0). CPU scaling was therefore not possible. With this update, cpuid_whitelist() is aware whether the domain executing CPUID is privileged or not, and enables the EST flag for dom0. (BZ#846125) * If a delayed-allocation write was performed before quota was enabled, the kernel displayed the following warning message : WARNING: at fs/quota/dquot.c:988 dquot_claim_space+0x77/0x112() This was because information about the delayed allocation was not recorded in the quota structure. With this update, writes prior to enabling quota are properly accounted for, and the message is not displayed. (BZ#847326) * In Red Hat Enterprise Linux 5.9, the DSCP (Differentiated Services Code Point) netfilter module now supports mangling of the DSCP field. (BZ#847327) * Some subsystems clear the TIF_SIGPENDING flag during error handling in fork() paths. Previously, if the flag was cleared, the ERESTARTNOINTR error code could be returned. The underlying source code has been modified so that the error code is no longer returned. (BZ#847359) * An unnecessary check for the RXCW.CW bit could cause the Intel e1000e NIC (Network Interface Controller) to not work properly. The check has been removed so that the Intel e1000e NIC works as expected. (BZ#852448) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2012-October/018911.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b7b85c38" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3412"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-308.16.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-308.16.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1577-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 62238 published 2012-09-24 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62238 title USN-1577-1 : linux-ti-omap4 vulnerabilities code # This script was automatically generated from Ubuntu Security # Notice USN-1577-1. It is released under the Nessus Script # Licence. # # Ubuntu Security Notices are (C) Canonical, Inc. # See http://www.ubuntu.com/usn/ # Ubuntu(R) is a registered trademark of Canonical, Inc. if (!defined_func("bn_random")) exit(0); include("compat.inc"); if (description) { script_id(62238); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2016/12/01 20:56:51 $"); script_cve_id("CVE-2012-2121", "CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3511"); script_xref(name:"USN", value:"1577-1"); script_name(english:"USN-1577-1 : linux-ti-omap4 vulnerabilities"); script_summary(english:"Checks dpkg output for updated package(s)"); script_set_attribute(attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches."); script_set_attribute(attribute:"description", value: "A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. (CVE-2012-2121) Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430) A flaw was discovered in the madvise feature of the Linux kernel's memory subsystem. An unprivileged local use could exploit the flaw to cause a denial of service (crash the system). (CVE-2012-3511)"); script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1577-1/"); script_set_attribute(attribute:"solution", value:"Update the affected package(s)."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/21"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Ubuntu Local Security Checks"); script_copyright("Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("ubuntu.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu."); if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages."); flag = 0; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-1209-omap4", pkgver:"2.6.38-1209.26")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1347.NASL description Updated kernel packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) * A buffer overflow flaw was found in the hfs_bnode_read() function in the HFS Plus (HFS+) file system implementation in the Linux kernel. A local user able to mount a specially crafted HFS+ file system image could use this flaw to cause a denial of service or escalate their privileges. (CVE-2012-2319, Low) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting CVE-2012-3412. This update also fixes the following bug : * Some subsystems clear the TIF_SIGPENDING flag during error handling in fork() paths. Previously, if the flag was cleared, the ERESTARTNOINTR error code could be returned. The underlying source code has been modified so that the error code is no longer returned. (BZ#855754) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 64057 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64057 title RHEL 5 : kernel (RHSA-2012:1347) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1347. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(64057); script_version("1.15"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-2319", "CVE-2012-3412"); script_bugtraq_id(53401, 54763); script_xref(name:"RHSA", value:"2012:1347"); script_name(english:"RHEL 5 : kernel (RHSA-2012:1347)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) * A buffer overflow flaw was found in the hfs_bnode_read() function in the HFS Plus (HFS+) file system implementation in the Linux kernel. A local user able to mount a specially crafted HFS+ file system image could use this flaw to cause a denial of service or escalate their privileges. (CVE-2012-2319, Low) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting CVE-2012-3412. This update also fixes the following bug : * Some subsystems clear the TIF_SIGPENDING flag during error handling in fork() paths. Previously, if the flag was cleared, the ERESTARTNOINTR error code could be returned. The underlying source code has been modified so that the error code is no longer returned. (BZ#855754) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1347" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3412" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2319" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^5\.6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.6", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:1347"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"kernel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-PAE-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-PAE-debuginfo-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debug-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"kernel-debug-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debug-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debug-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debuginfo-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debuginfo-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debuginfo-common-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debuginfo-common-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"kernel-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", reference:"kernel-doc-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"kernel-headers-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"kernel-headers-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-headers-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"kernel-kdump-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-xen-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-xen-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-xen-debuginfo-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-xen-debuginfo-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-xen-devel-2.6.18-238.45.1.el5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-238.45.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc"); } }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1324.NASL description An updated rhev-hypervisor5 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2012-4244 (bind issue) CVE-2012-2319, CVE-2012-3430, and CVE-2012-3510 (kernel issues) CVE-2011-3102, CVE-2012-0841, and CVE-2012-2807 (libxml2 issues) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78934 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78934 title RHEL 5 : rhev-hypervisor5 (RHSA-2012:1324) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1578-1.NASL description Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430) last seen 2020-06-01 modified 2020-06-02 plugin id 62239 published 2012-09-24 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62239 title USN-1578-1 : linux-ti-omap4 vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1574-1.NASL description A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic). (CVE-2012-2745) Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430) A flaw was discovered in the madvise feature of the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 62211 published 2012-09-20 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62211 title Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1574-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1323-1.NASL description From Red Hat Security Advisory 2012:1323 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) * A use-after-free flaw was found in the xacct_add_tsk() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 68631 published 2013-07-12 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68631 title Oracle Linux 5 : kernel (ELSA-2012-1323-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1366.NASL description Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct this issue, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 62572 published 2012-10-17 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62572 title RHEL 6 : kernel (RHSA-2012:1366) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1575-1.NASL description Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62212 published 2012-09-20 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62212 title Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1575-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-2507.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 68847 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68847 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1323.NASL description From Red Hat Security Advisory 2012:1323 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) * A use-after-free flaw was found in the xacct_add_tsk() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 68632 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68632 title Oracle Linux 5 : kernel (ELSA-2012-1323) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1430.NASL description Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. This update also fixes the following bugs : * In the hpet_next_event() function, an interrupt could have occurred between the read and write of the HPET (High Precision Event Timer) and the value of HPET_COUNTER was then beyond that being written to the comparator (HPET_Tn_CMP). Consequently, the timers were overdue for up to several minutes. Now, a comparison is performed between the value of the counter and the comparator in the HPET code. If the counter is beyond the comparator, the last seen 2020-06-01 modified 2020-06-02 plugin id 64061 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64061 title RHEL 6 : kernel (RHSA-2012:1430) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1366.NASL description From Red Hat Security Advisory 2012:1366 : Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct this issue, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68643 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68643 title Oracle Linux 6 : kernel (ELSA-2012-1366) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2041.NASL description Description of changes: kernel-uek [2.6.32-300.38.1.el6uek] - [net/sfc] limit number of segments per skb on tx (Maxim Uvarov) [Orabug: 14769994] {CVE-2012-3412} last seen 2020-06-01 modified 2020-06-02 plugin id 68686 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68686 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2041) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1366.NASL description Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct this issue, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 62596 published 2012-10-18 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62596 title CentOS 6 : kernel (CESA-2012:1366) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1401.NASL description Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting CVE-2012-3412. This update also fixes the following bugs : * Previously, when a server attempted to shut down a socket, the svc_tcp_sendto() function set the XPT_CLOSE variable if the entire reply failed to be transmitted. However, before XPT_CLOSE could be acted upon, other threads could send further replies before the socket was really shut down. Consequently, data corruption could occur in the RPC record marker. With this update, send operations on a closed socket are stopped immediately, thus preventing this bug. (BZ#853256) * When a PIT (Programmable Interval Timer) MSB (Most Significant Byte) transition occurred very close to an SMI (System Management Interrupt) execution, the pit_verify_msb() function did not see the MSB transition. Consequently, the pit_expect_msb() function returned success incorrectly, eventually causing a large clock drift in the quick_pit_calibrate() function. As a result, the TSC (Time Stamp Counter) calibration on some systems was off by +- 20 MHz, which led to inaccurate timekeeping or ntp synchronization failures. This update fixes pit_expect_msb() and the clock drift no longer occurs in the described scenario. (BZ#853952) * Sometimes, the crypto allocation code could become unresponsive for 60 seconds or multiples thereof due to an incorrect notification mechanism. This could cause applications, like Openswan, to become unresponsive. The notification mechanism has been improved to avoid such hangs. (BZ#854475) * Traffic to the NFS server could trigger a kernel oops in the svc_tcp_clear_pages() function. The source code has been modified, and the kernel oops no longer occurs in this scenario. (BZ#856105) * Under certain circumstances, a system crash could result in data loss on XFS file systems. If files were created immediately before the file system was left to idle for a long period of time and then the system crashed, those files could appear as zero-length once the file system was remounted. This occurred even if a sync or fsync was run on the files. This was because XFS was not correctly idling the journal, and therefore it incorrectly replayed the inode allocation transactions upon mounting after the system crash, which zeroed the file size. This problem has been fixed by re-instating the periodic journal idling logic to ensure that all metadata is flushed within 30 seconds of modification, and the journal is updated to prevent incorrect recovery operations from occurring. (BZ#856685) * On architectures with the 64-bit cputime_t type, it was possible to trigger the last seen 2020-06-01 modified 2020-06-02 plugin id 64059 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64059 title RHEL 6 : kernel (RHSA-2012:1401) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2040.NASL description Description of changes: [2.6.39-200.34.1.el6uek] - [net/sfc] limit number of segments per skb on tx (Maxim Uvarov) [Orabug: 14769994] {CVE-2012-3412} last seen 2020-06-01 modified 2020-06-02 plugin id 68685 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68685 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2040) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1567-1.NASL description A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic). (CVE-2012-2745) Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430) A flaw was discovered in the madvise feature of the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 62111 published 2012-09-15 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62111 title Ubuntu 11.04 : linux vulnerabilities (USN-1567-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1580-1.NASL description Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430) last seen 2020-06-01 modified 2020-06-02 plugin id 62241 published 2012-09-24 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62241 title USN-1580-1 : linux-ti-omap4 vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1573-1.NASL description Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430) A flaw was discovered in the madvise feature of the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 62200 published 2012-09-19 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62200 title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1573-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0287-1.NASL description This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs. The following security bugs have been fixed : CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. (bnc#735347) CVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898) CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612) CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. (bnc#770695) CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896) CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523) CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383) CVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885) CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831) CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#786013) CVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. (bnc#787576) CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891) CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892) CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893) CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894) CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898) CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899) CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900) CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901) CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902) CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903) CVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (bnc#797175) CVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (bnc#800280)(XSA-39) CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (bnc#801178)(XSA-43) CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642) CVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653) CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227) CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. (bnc#804154) CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827) CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138) CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977) CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976) CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358) CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980) CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (bnc#806980) CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980) CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354) CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735) CVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. (bnc#828012) CVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. (bnc#817377) CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267) CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260) CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295) CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750) CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749) CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119) CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473) CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575) CVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (bnc#822579) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839) CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839) CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) Also the following non-security bugs have been fixed : - x86: Clear HPET configuration registers on startup (bnc#748896). - sched: fix divide by zero in task_utime() (bnc#761774). - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596). - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables. - mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)). - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364). - cpumask: Simplify sched_rt.c (bnc#812364). - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481). - tty: fix up atime/mtime mess, take three (bnc#797175). - tty: fix atime/mtime regression (bnc#815745). - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154). - kbuild: Fix gcc -x syntax (bnc#773831). - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). proc: fix pagemap_read() error case (bnc#787573). net: Upgrade device features irrespective of mask (bnc#715250). - tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416). - netfilter: prevent race condition breaking net reference counting (bnc#835094). - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). scsi: Add last seen 2020-06-05 modified 2015-05-20 plugin id 83611 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83611 title SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1323.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412, Important) * A use-after-free flaw was found in the xacct_add_tsk() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 62405 published 2012-10-03 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62405 title RHEL 5 : kernel (RHSA-2012:1323) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1579-1.NASL description Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62240 published 2012-09-24 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62240 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-1579-1) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-121203.NASL description The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.51 which fixes various bugs and security issues. It contains the following feature enhancements : - The cachefiles framework is now supported (FATE#312793, bnc#782369). The userland utilities were published seperately to support this feature. - The ipset netfilter modules are now supported (FATE#313309) The ipset userland utility will be published seperately to support this feature. - The tipc kernel module is now externally supported (FATE#305033). - Hyper-V KVP IP injection was implemented (FATE#314441). A seperate hyper-v package will be published to support this feature. - Intel Lynx Point PCH chipset support was added. (FATE#313409) - Enable various md/raid10 and DASD enhancements. (FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. Also added support for reshaping of RAID10 arrays. mdadm changes will be published to support this feature. The following security issues have been fixed : - A race condition on hot adding memory could be used by local attackers to crash the system during hot adding new memory. (CVE-2012-5517) - A flaw has been found in the way Linux kernels KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could have used this flaw to crash the system. (CVE-2012-4461) - The KVM implementation in the Linux kernel allowed host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (CVE-2012-1601) - Attempting an rds connection from the IP address of an IPoIB interface to itself causes a kernel panic due to a BUG_ON() being triggered. Making the test less strict allows rds-ping to work without crashing the machine. A local unprivileged user could use this flaw to crash the sytem. (CVE-2012-2372) - Dimitry Monakhov, one of the ext4 developers, has discovered a race involving asynchronous I/O and fallocate which can lead to the exposure of stale data --- that is, an extent which should have had the last seen 2020-06-05 modified 2013-01-25 plugin id 64180 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64180 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7123 / 7127)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c
- https://bugzilla.redhat.com/show_bug.cgi?id=844714
- http://www.openwall.com/lists/oss-security/2012/08/03/4
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30
- http://www.ubuntu.com/usn/USN-1568-1
- http://rhn.redhat.com/errata/RHSA-2012-1375.html
- http://www.ubuntu.com/usn/USN-1580-1
- http://www.ubuntu.com/usn/USN-1567-1
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html
- http://www.ubuntu.com/usn/USN-1572-1
- http://www.ubuntu.com/usn/USN-1579-1
- http://rhn.redhat.com/errata/RHSA-2012-1430.html
- https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
- http://rhn.redhat.com/errata/RHSA-2012-1401.html
- http://www.ubuntu.com/usn/USN-1577-1
- http://www.ubuntu.com/usn/USN-1575-1
- http://rhn.redhat.com/errata/RHSA-2012-1347.html
- http://rhn.redhat.com/errata/RHSA-2012-1323.html
- http://www.ubuntu.com/usn/USN-1578-1
- http://rhn.redhat.com/errata/RHSA-2012-1324.html
- http://secunia.com/advisories/50633
- http://secunia.com/advisories/50732
- http://secunia.com/advisories/50811
- http://secunia.com/advisories/51193