Vulnerabilities > CVE-2012-4530 - Information Exposure vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
CWE-200
nessus
exploit available

Summary

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

Vulnerable Configurations

Part Description Count
OS
Linux
1657

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Exploit-Db

descriptionLinux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure. CVE-2012-4530. Dos exploit for Linux platform
idEDB-ID:41767
last seen2017-03-29
modified2014-01-14
published2014-01-14
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/41767/
titleLinux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-130125.NASL
    descriptionThe SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.58, fixing various bugs and security issues. The updates contains the following feature enhancement : - Enable various md/raid10 and DASD enhancements. - Make is possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. - Added support for reshaping of RAID10 arrays, mdadm changes will be published to support the changes. The following security issues were fixed : - A division by zero in the TCP Illinois algorithm. (CVE-2012-4565) - The uname26 personality leaked kernel memory information. (CVE-2012-0957) - Kernel stack content disclosure via binfmt_script load_script(). (CVE-2012-4530) The following non-security issues were fixed : - BTRFS : - btrfs: reset path lock state to zero. - btrfs: fix off-by-one in lseek. - btrfs: fix btrfs_cont_expand() freeing IS_ERR em. - btrfs: update timestamps on truncate(). - btrfs: put csums on the right ordered extent. - btrfs: use existing align macros in btrfs_allocate() - btrfs: fix off-by-one error of the reserved size of btrfs_allocate() - btrfs: add fiemaps flag check - btrfs: fix permissions of empty files not affected by umask - btrfs: do not auto defrag a file when doing directIO - btrfs: fix wrong return value of btrfs_truncate_page() - btrfs: Notify udev when removing device - btrfs: fix permissions of empty files not affected by umask - btrfs: fix hash overflow handling - btrfs: do not delete a subvolume which is in a R/O subvolume - btrfs: remove call to btrfs_wait_ordered_extents to avoid potential deadlock. - btrfs: update the checks for mixed block groups with big metadata blocks - btrfs: Fix use-after-free in __btrfs_end_transaction - btrfs: use commit root when loading free space cache. - btrfs: avoid setting ->d_op twice (FATE#306586 bnc#731387). - btrfs: fix race in reada (FATE#306586). - btrfs: do not add both copies of DUP to reada extent tree - btrfs: do not mount when we have a sectorsize unequal to PAGE_SIZE - btrfs: add missing unlocks to transaction abort paths - btrfs: avoid sleeping in verify_parent_transid while atomic - btrfs: disallow unequal data/metadata blocksize for mixed block groups - btrfs: enhance superblock sanity checks. (bnc#749651) - btrfs: sanitizing ->fs_info, parts 1-5. - btrfs: make open_ctree() return int. - btrfs: kill pointless reassignment of ->s_fs_info in btrfs_fill_super(). - btrfs: merge free_fs_info() calls on fill_super failures. - btrfs: make free_fs_info() call ->kill_sb() unconditional. - btrfs: consolidate failure exits in btrfs_mount() a bit. - btrfs: let ->s_fs_info point to fs_info, not root... - btrfs: take allocation of ->tree_root into open_ctree(). - Update DASD blk_timeout patches after review by IBM : - dasd: Abort all requests from ioctl - dasd: Disable block timeouts per default - dasd: Reduce amount of messages for specific errors - dasd: Rename ioctls - dasd: check blk_noretry_request in dasd_times_out() - dasd: lock ccw queue in dasd_times_out() - dasd: make DASD_FLAG_TIMEOUT setting more robust - dasd: rename flag to abortall - LPFC : - Update lpfc version for 8.3.5.48.3p driver release. - lpfc 8.3.32: Correct successful aborts returning error status. - lpfc 8.3.34: Correct lock handling to eliminate reset escalation on I/O abort. - lpfc 8.3.34: Streamline fcp underrun message printing. - DRM/i915 : - drm/i915: EBUSY status handling added to i915_gem_fault(). - drm/i915: Only clear the GPU domains upon a successful finish. - drm/i915: always use RPNSWREQ for turbo change requests. - drm/i915: do not call modeset_init_hw in i915_reset. - drm/i915: do not hang userspace when the gpu reset is stuck. - drm/i915: do not trylock in the gpu reset code. - drm/i915: re-init modeset hw state after gpu reset. - HyperV : - x86: Hyper-V: register clocksource only if its advertised. - Other : - xfrm: fix freed block size calculation in xfrm_policy_fini(). - bonding: in balance-rr mode, set curr_active_slave only if it is up. - kernel: broken interrupt statistics (LTC#87893). - kernel: sched_clock() overflow (LTC#87978). - mm: call sleep_on_page_killable from __wait_on_page_locked_killable. - TTY: do not reset masters packet mode. - patches.suse/kbuild-record-built-in-o: Avoid using printf(1) in Makefile.build - rpm/built-in-where.mk: Do not rely on the *.parts file to be newline-separated. - NFS: Allow sec=none mounts in certain cases. - NFS: fix recent breakage to NFS error handling. - bridge: Pull ip header into skb->data before looking into ip header. - dm mpath: allow ioctls to trigger pg init. - dm mpath: only retry ioctl when no paths if queue_if_no_path set. - radix-tree: fix preload vector size. - sched, rt: Unthrottle rt runqueues in __disable_runtime(). - sched/rt: Fix SCHED_RR across cgroups. - sched/rt: Do not throttle when PI boosting. - sched/rt: Keep period timer ticking when rt throttling is active. - sched/rt: Prevent idle task boosting. - mm: limit mmu_gather batching to fix soft lockups on !CONFIG_PREEMPT. - kabi fixup for mm: limit mmu_gather batching to fix soft lockups on !CONFIG_PREEMPT. - Refresh Xen patches after update to 3.0.57. - aio: make kiocb->private NUll in init_sync_kiocb(). - qeth: Fix retry logic in hardsetup. (LTC#87080) - netiucv: reinsert dev_alloc_name for device naming. (LTC#87086) - qeth: set new mac even if old mac is gone (2). (LTC#87138) - ocfs2: use spinlock irqsave for downconvert lock.patch. - af_netlink: force credentials passing. - af_unix: dont send SCM_CREDENTIALS by default. - sunrpc: increase maximum slots to use. - bio: bio allocation failure due to bio_get_nr_vecs(). - bio: do not overflow in bio_get_nr_vecs(). - md: close race between removing and adding a device. - thp, memcg: split hugepage for memcg oom on cow. - bonding: delete migrated IP addresses from the rlb hash table. - xfs: Fix re-use of EWOULDBLOCK during read on dm-mirror. - qla2xxx: Determine the number of outstanding commands based on available resources. - qla2xxx: Ramp down queue depth for attached SCSI devices. - autofs4: fix lockdep splat in autofs. - ipv6: tcp: fix panic in SYN processing. - add splash=black option to bootsplash code, to keep a black background, useful for remote access to VMs.
    last seen2020-06-05
    modified2013-02-08
    plugin id64500
    published2013-02-08
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64500
    titleSuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 7273 / 7276 / 7277)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64500);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-0957", "CVE-2012-4530", "CVE-2012-4565");
    
      script_name(english:"SuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 7273 / 7276 / 7277)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.58, fixing
    various bugs and security issues.
    
    The updates contains the following feature enhancement :
    
      - Enable various md/raid10 and DASD enhancements.
    
      - Make is possible for RAID10 to cope with DASD devices
        being slow for various reasons - the affected device
        will be temporarily removed from the array.
    
      - Added support for reshaping of RAID10 arrays, mdadm
        changes will be published to support the changes. The
        following security issues were fixed :
    
      - A division by zero in the TCP Illinois algorithm.
        (CVE-2012-4565)
    
      - The uname26 personality leaked kernel memory
        information. (CVE-2012-0957)
    
      - Kernel stack content disclosure via binfmt_script
        load_script(). (CVE-2012-4530) The following
        non-security issues were fixed :
    
      - BTRFS :
    
      - btrfs: reset path lock state to zero.
    
      - btrfs: fix off-by-one in lseek.
    
      - btrfs: fix btrfs_cont_expand() freeing IS_ERR em.
    
      - btrfs: update timestamps on truncate().
    
      - btrfs: put csums on the right ordered extent.
    
      - btrfs: use existing align macros in btrfs_allocate()
    
      - btrfs: fix off-by-one error of the reserved size of
        btrfs_allocate()
    
      - btrfs: add fiemaps flag check
    
      - btrfs: fix permissions of empty files not affected by
        umask
    
      - btrfs: do not auto defrag a file when doing directIO
    
      - btrfs: fix wrong return value of btrfs_truncate_page()
    
      - btrfs: Notify udev when removing device
    
      - btrfs: fix permissions of empty files not affected by
        umask
    
      - btrfs: fix hash overflow handling
    
      - btrfs: do not delete a subvolume which is in a R/O
        subvolume
    
      - btrfs: remove call to btrfs_wait_ordered_extents to
        avoid potential deadlock.
    
      - btrfs: update the checks for mixed block groups with big
        metadata blocks
    
      - btrfs: Fix use-after-free in __btrfs_end_transaction
    
      - btrfs: use commit root when loading free space cache.
    
      - btrfs: avoid setting ->d_op twice (FATE#306586
        bnc#731387).
    
      - btrfs: fix race in reada (FATE#306586).
    
      - btrfs: do not add both copies of DUP to reada extent
        tree
    
      - btrfs: do not mount when we have a sectorsize unequal to
        PAGE_SIZE
    
      - btrfs: add missing unlocks to transaction abort paths
    
      - btrfs: avoid sleeping in verify_parent_transid while
        atomic
    
      - btrfs: disallow unequal data/metadata blocksize for
        mixed block groups
    
      - btrfs: enhance superblock sanity checks. (bnc#749651)
    
      - btrfs: sanitizing ->fs_info, parts 1-5.
    
      - btrfs: make open_ctree() return int.
    
      - btrfs: kill pointless reassignment of ->s_fs_info in
        btrfs_fill_super().
    
      - btrfs: merge free_fs_info() calls on fill_super
        failures.
    
      - btrfs: make free_fs_info() call ->kill_sb()
        unconditional.
    
      - btrfs: consolidate failure exits in btrfs_mount() a bit.
    
      - btrfs: let ->s_fs_info point to fs_info, not root...
    
      - btrfs: take allocation of ->tree_root into open_ctree().
    
      - Update DASD blk_timeout patches after review by IBM :
    
      - dasd: Abort all requests from ioctl
    
      - dasd: Disable block timeouts per default
    
      - dasd: Reduce amount of messages for specific errors
    
      - dasd: Rename ioctls
    
      - dasd: check blk_noretry_request in dasd_times_out()
    
      - dasd: lock ccw queue in dasd_times_out()
    
      - dasd: make DASD_FLAG_TIMEOUT setting more robust
    
      - dasd: rename flag to abortall
    
      - LPFC :
    
      - Update lpfc version for 8.3.5.48.3p driver release.
    
      - lpfc 8.3.32: Correct successful aborts returning error
        status.
    
      - lpfc 8.3.34: Correct lock handling to eliminate reset
        escalation on I/O abort.
    
      - lpfc 8.3.34: Streamline fcp underrun message printing.
    
      - DRM/i915 :
    
      - drm/i915: EBUSY status handling added to
        i915_gem_fault().
    
      - drm/i915: Only clear the GPU domains upon a successful
        finish.
    
      - drm/i915: always use RPNSWREQ for turbo change requests.
    
      - drm/i915: do not call modeset_init_hw in i915_reset.
    
      - drm/i915: do not hang userspace when the gpu reset is
        stuck.
    
      - drm/i915: do not trylock in the gpu reset code.
    
      - drm/i915: re-init modeset hw state after gpu reset.
    
      - HyperV :
    
      - x86: Hyper-V: register clocksource only if its
        advertised.
    
      - Other :
    
      - xfrm: fix freed block size calculation in
        xfrm_policy_fini().
    
      - bonding: in balance-rr mode, set curr_active_slave only
        if it is up.
    
      - kernel: broken interrupt statistics (LTC#87893).
    
      - kernel: sched_clock() overflow (LTC#87978).
    
      - mm: call sleep_on_page_killable from
        __wait_on_page_locked_killable.
    
      - TTY: do not reset masters packet mode.
    
      - patches.suse/kbuild-record-built-in-o: Avoid using
        printf(1) in Makefile.build
    
      - rpm/built-in-where.mk: Do not rely on the *.parts file
        to be newline-separated.
    
      - NFS: Allow sec=none mounts in certain cases.
    
      - NFS: fix recent breakage to NFS error handling.
    
      - bridge: Pull ip header into skb->data before looking
        into ip header.
    
      - dm mpath: allow ioctls to trigger pg init.
    
      - dm mpath: only retry ioctl when no paths if
        queue_if_no_path set.
    
      - radix-tree: fix preload vector size.
    
      - sched, rt: Unthrottle rt runqueues in
        __disable_runtime().
    
      - sched/rt: Fix SCHED_RR across cgroups.
    
      - sched/rt: Do not throttle when PI boosting.
    
      - sched/rt: Keep period timer ticking when rt throttling
        is active.
    
      - sched/rt: Prevent idle task boosting.
    
      - mm: limit mmu_gather batching to fix soft lockups on
        !CONFIG_PREEMPT.
    
      - kabi fixup for mm: limit mmu_gather batching to fix soft
        lockups on !CONFIG_PREEMPT.
    
      - Refresh Xen patches after update to 3.0.57.
    
      - aio: make kiocb->private NUll in init_sync_kiocb().
    
      - qeth: Fix retry logic in hardsetup. (LTC#87080)
    
      - netiucv: reinsert dev_alloc_name for device naming.
        (LTC#87086)
    
      - qeth: set new mac even if old mac is gone (2).
        (LTC#87138)
    
      - ocfs2: use spinlock irqsave for downconvert lock.patch.
    
      - af_netlink: force credentials passing.
    
      - af_unix: dont send SCM_CREDENTIALS by default.
    
      - sunrpc: increase maximum slots to use.
    
      - bio: bio allocation failure due to bio_get_nr_vecs().
    
      - bio: do not overflow in bio_get_nr_vecs().
    
      - md: close race between removing and adding a device.
    
      - thp, memcg: split hugepage for memcg oom on cow.
    
      - bonding: delete migrated IP addresses from the rlb hash
        table.
    
      - xfs: Fix re-use of EWOULDBLOCK during read on dm-mirror.
    
      - qla2xxx: Determine the number of outstanding commands
        based on available resources.
    
      - qla2xxx: Ramp down queue depth for attached SCSI
        devices.
    
      - autofs4: fix lockdep splat in autofs.
    
      - ipv6: tcp: fix panic in SYN processing.
    
      - add splash=black option to bootsplash code, to keep a
        black background, useful for remote access to VMs."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=729854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=731387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=736255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=739728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=745876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=749651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=758104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=762158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=763463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=775685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=778136"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=779577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=780008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=782721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=783515"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=786013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=786976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789648"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=790935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=791498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=791853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=791904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=792270"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=792500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=792656"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=792834"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793139"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=794231"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=794824"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=795354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=797042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=798960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=799209"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=799275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=799909"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-0957.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4530.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4565.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 7273 / 7276 / 7277 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-source-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-syms-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.3_06_3.0.58_0.6.2-0.7.16")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-source-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-syms-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"kernel-default-man-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.3_06_3.0.58_0.6.2-0.7.16")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-19804.NASL
    descriptionUpdate to latest stable upstream release, Linux v3.6.9. Various bugfixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-12-07
    plugin id63181
    published2012-12-07
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63181
    titleFedora 18 : kernel-3.6.9-4.fc18 (2012-19804)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-2503.NASL
    descriptionDescription of changes: [2.6.39-300.28.1.el6uek] - kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461} - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} [2.6.39-300.27.1.el6uek] - xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan Beulich) [Orabug: 16243736] {CVE-2013-0231} - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274171] {CVE-2013-0190} - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] - xen/netback: don
    last seen2020-06-01
    modified2020-06-02
    plugin id68845
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68845
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2503)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-176.NASL
    descriptionThe Linux kernel was updated to fix various bugs and security issues : CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0160: Avoid a side channel attack on /dev/ptmx (keyboard input timing). CVE-2012-5374: Fixed a local denial of service in the BTRFS hashing code. CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux kernel, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-0957: The override_release function in kernel/sys.c in the Linux kernel allowed local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-4508: Race condition in fs/ext4/extents.c in the Linux kernel allowed local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel provided an invalid replacement session keyring to a child process, which allowed local users to cause a denial of service (panic) via a crafted application that uses the fork system call. CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel did not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allowed local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.
    last seen2020-06-05
    modified2014-06-13
    plugin id74914
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74914
    titleopenSUSE Security Update : kernel (openSUSE-SU-2013:0396-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1696-2.NASL
    descriptionUSN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Jon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64432
    published2013-02-04
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64432
    titleUbuntu 12.04 LTS : linux regression (USN-1696-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1691-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63541
    published2013-01-15
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63541
    titleUSN-1691-1 : linux-ti-omap4 vulnerability
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-166.NASL
    descriptionIt was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398) A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen2020-06-01
    modified2020-06-02
    plugin id69725
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69725
    titleAmazon Linux AMI : kernel (ALAS-2013-166)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1684-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63475
    published2013-01-11
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63475
    titleUbuntu 10.04 LTS : linux-ec2 vulnerability (USN-1684-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130205_KERNEL_ON_SL6_X.NASL
    descriptionThis update fixes the following security issues : - It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398, Moderate) - A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen2020-03-18
    modified2013-02-07
    plugin id64489
    published2013-02-07
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64489
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130205)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-19337.NASL
    descriptionUpdate to Linux v3.6.8 with various fixes across the tree. The linux 3.6.7 stable update contains a number of important bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-12-03
    plugin id63133
    published2012-12-03
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63133
    titleFedora 17 : kernel-3.6.8-2.fc17 (2012-19337)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-8527.NASL
    descriptionThis Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : - A race condition in ptrace(2) could be used by local attackers to crash the kernel and/or execute code in kernel context. (CVE-2013-0871) - Avoid side channel information leaks from the ptys via ptmx, which allowed local attackers to guess keypresses. (CVE-2013-0160) - Avoid leaving bprm->interp on the stack which might have leaked information from the kernel to userland attackers. (CVE-2012-4530) - The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (CVE-2013-0268) - The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (CVE-2013-0216) - The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (CVE-2013-0231) Also the following non-security bugs have been fixed : S/390 : - s390x: tty struct used after free (bnc#809692, LTC#90216). - s390x/kernel: sched_clock() overflow (bnc#799611, LTC#87978). - qeth: set new mac even if old mac is gone (bnc#789012,LTC#86643). - qeth: set new mac even if old mac is gone (2) (bnc#792697,LTC#87138). - qeth: fix deadlock between recovery and bonding driver (bnc#785101,LTC#85905). - dasd: check count address during online setting (bnc#781485,LTC#85346). - hugetlbfs: add missing TLB invalidation (bnc#781485,LTC#85463). - s390/kernel: make user-access pagetable walk code huge page aware (bnc#781485,LTC#85455). XEN : - xen/netback: fix netbk_count_requests(). - xen: properly bound buffer access when parsing cpu/availability. - xen/scsiback/usbback: move cond_resched() invocations to proper place. - xen/pciback: properly clean up after calling pcistub_device_find(). - xen: add further backward-compatibility configure options. - xen/PCI: suppress bogus warning on old hypervisors. - xenbus: fix overflow check in xenbus_dev_write(). - xen/x86: do not corrupt %eip when returning from a signal handler. Other : - kernel: Restrict clearing TIF_SIGPENDING. (bnc#742111) - kernel: recalc_sigpending_tsk fixes. (bnc#742111) - xfs: Do not reclaim new inodes in xfs_sync_inodes(). (bnc#770980) - jbd: Avoid BUG_ON when checkpoint stalls. (bnc#795335) - reiserfs: Fix int overflow while calculating free space. (bnc#795075) - cifs: clarify the meaning of tcpStatus == CifsGood. (bnc#769093) - cifs: do not allow cifs_reconnect to exit with NULL socket pointer. (bnc#769093) - cifs: switch to seq_files. (bnc#776370) - scsi: fix check of PQ and PDT bits for WLUNs. (bnc#765687) - hugetlb: preserve hugetlb pte dirty state. (bnc#790236) - poll: enforce RLIMIT_NOFILE in poll(). (bnc#787272) - proc: fix ->open less usage due to ->proc_fops flip. (bnc#776370) - rpm/kernel-binary.spec.in: Ignore kabi errors if %%ignore_kabi_badness is defined. This is used in the Kernel:* projects in the OBS.
    last seen2020-06-05
    modified2013-04-13
    plugin id65960
    published2013-04-13
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65960
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8527)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1688-1.NASL
    descriptionJon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63539
    published2013-01-15
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63539
    titleUbuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1688-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1698-2.NASL
    descriptionUSN-1698-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64433
    published2013-02-03
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64433
    titleUSN-1698-2 : linux-ti-omap4 regression
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-20240.NASL
    descriptionUpdate to latest upstream stable release, Linux v3.6.10. Various fixes across the tree. Update to latest stable upstream release, Linux v3.6.9. Various bugfixes across the tree. Update to Linux v3.6.8 with various fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-12-18
    plugin id63283
    published2012-12-18
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63283
    titleFedora 16 : kernel-3.6.10-2.fc16 (2012-20240)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1700-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63616
    published2013-01-18
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63616
    titleUSN-1700-1 : linux-ti-omap4 vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1689-1.NASL
    descriptionJon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63540
    published2013-01-15
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63540
    titleUbuntu 11.10 : linux vulnerabilities (USN-1689-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1696-1.NASL
    descriptionJon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63613
    published2013-01-18
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63613
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-1696-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1700-2.NASL
    descriptionUSN-1700-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64435
    published2013-02-03
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64435
    titleUSN-1700-2 : linux-ti-omap4 regression
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0223.NASL
    descriptionUpdated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398, Moderate) * A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen2020-06-01
    modified2020-06-02
    plugin id64492
    published2013-02-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64492
    titleCentOS 6 : kernel (CESA-2013:0223)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1683-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63474
    published2013-01-11
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63474
    titleUbuntu 10.04 LTS : linux vulnerability (USN-1683-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1704-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63669
    published2013-01-23
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63669
    titleUbuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities (USN-1704-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-2507.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id68847
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68847
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1699-1.NASL
    descriptionJon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63615
    published2013-01-18
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63615
    titleUbuntu 12.10 : linux vulnerabilities (USN-1699-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-2504.NASL
    descriptionDescription of changes: kernel-uek [2.6.32-300.39.4.el6uek] - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286741] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286741] {CVE-2012-4530} [2.6.32-300.39.3.el6uek] - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274192] {CVE-2013-0190}
    last seen2020-06-01
    modified2020-06-02
    plugin id68846
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68846
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2504)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-1832-1.NASL
    descriptionThe SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up update to fix lots of moderate security issues and several bugs. The Following security issues have been fixed : CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password. CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. CVE-2013-0160: The Linux kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application. CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6546: The ATM implementation in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel memory via a crafted application. CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel had an incorrect return value in certain circumstances, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. CVE-2011-2492: The bluetooth subsystem in the Linux kernel did not properly initialize certain data structures, which allowed local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel on unspecified architectures lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and
    last seen2020-06-05
    modified2015-05-20
    plugin id83603
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83603
    titleSUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0223.NASL
    descriptionFrom Red Hat Security Advisory 2013:0223 : Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398, Moderate) * A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen2020-06-01
    modified2020-06-02
    plugin id68724
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68724
    titleOracle Linux 6 : kernel (ELSA-2013-0223)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-0674-1.NASL
    descriptionThis Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : CVE-2013-0871: A race condition in ptrace(2) could be used by local attackers to crash the kernel and/or execute code in kernel context. CVE-2013-0160: Avoid side channel information leaks from the ptys via ptmx, which allowed local attackers to guess keypresses. CVE-2012-4530: Avoid leaving bprm->interp on the stack which might have leaked information from the kernel to userland attackers. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. Also the following non-security bugs have been fixed : S/390 : - s390x: tty struct used after free (bnc#809692, LTC#90216). - s390x/kernel: sched_clock() overflow (bnc#799611, LTC#87978). - qeth: set new mac even if old mac is gone (bnc#789012,LTC#86643). - qeth: set new mac even if old mac is gone (2) (bnc#792697,LTC#87138). - qeth: fix deadlock between recovery and bonding driver (bnc#785101,LTC#85905). - dasd: check count address during online setting (bnc#781485,LTC#85346). - hugetlbfs: add missing TLB invalidation (bnc#781485,LTC#85463). - s390/kernel: make user-access pagetable walk code huge page aware (bnc#781485,LTC#85455). XEN : - xen/netback: fix netbk_count_requests(). - xen: properly bound buffer access when parsing cpu/availability. - xen/scsiback/usbback: move cond_resched() invocations to proper place. - xen/pciback: properly clean up after calling pcistub_device_find(). - xen: add further backward-compatibility configure options. - xen/PCI: suppress bogus warning on old hypervisors. - xenbus: fix overflow check in xenbus_dev_write(). - xen/x86: do not corrupt %eip when returning from a signal handler. Other : - kernel: Restrict clearing TIF_SIGPENDING (bnc#742111). - kernel: recalc_sigpending_tsk fixes (bnc#742111). - xfs: Do not reclaim new inodes in xfs_sync_inodes() (bnc#770980). - jbd: Avoid BUG_ON when checkpoint stalls (bnc#795335). - reiserfs: Fix int overflow while calculating free space (bnc#795075). - cifs: clarify the meaning of tcpStatus == CifsGood (bnc#769093). - cifs: do not allow cifs_reconnect to exit with NULL socket pointer (bnc#769093). - cifs: switch to seq_files (bnc#776370). - scsi: fix check of PQ and PDT bits for WLUNs (bnc#765687). - hugetlb: preserve hugetlb pte dirty state (bnc#790236). - poll: enforce RLIMIT_NOFILE in poll() (bnc#787272). - proc: fix ->open less usage due to ->proc_fops flip (bnc#776370). - rpm/kernel-binary.spec.in: Ignore kabi errors if %%ignore_kabi_badness is defined. This is used in the Kernel:* projects in the OBS. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83580
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83580
    titleSUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2013:0674-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1699-2.NASL
    descriptionUSN-1699-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Jon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64434
    published2013-02-04
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64434
    titleUbuntu 12.10 : linux regression (USN-1699-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0566.NASL
    descriptionUpdated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76658
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76658
    titleRHEL 6 : MRG (RHSA-2013:0566)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0287-1.NASL
    descriptionThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs. The following security bugs have been fixed : CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. (bnc#735347) CVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898) CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612) CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. (bnc#770695) CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896) CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523) CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383) CVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885) CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831) CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#786013) CVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. (bnc#787576) CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891) CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892) CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893) CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894) CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898) CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899) CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900) CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901) CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902) CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903) CVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (bnc#797175) CVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (bnc#800280)(XSA-39) CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (bnc#801178)(XSA-43) CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642) CVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653) CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227) CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. (bnc#804154) CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827) CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138) CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977) CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976) CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358) CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980) CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (bnc#806980) CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980) CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354) CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735) CVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. (bnc#828012) CVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. (bnc#817377) CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267) CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260) CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295) CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750) CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749) CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119) CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473) CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575) CVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (bnc#822579) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839) CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839) CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) Also the following non-security bugs have been fixed : - x86: Clear HPET configuration registers on startup (bnc#748896). - sched: fix divide by zero in task_utime() (bnc#761774). - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596). - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables. - mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)). - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364). - cpumask: Simplify sched_rt.c (bnc#812364). - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481). - tty: fix up atime/mtime mess, take three (bnc#797175). - tty: fix atime/mtime regression (bnc#815745). - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154). - kbuild: Fix gcc -x syntax (bnc#773831). - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). proc: fix pagemap_read() error case (bnc#787573). net: Upgrade device features irrespective of mask (bnc#715250). - tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416). - netfilter: prevent race condition breaking net reference counting (bnc#835094). - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). scsi: Add
    last seen2020-06-05
    modified2015-05-20
    plugin id83611
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83611
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0008.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - kmod: make __request_module killable (Oleg Nesterov) [Orabug: 16286305] (CVE-2012-4398) - kmod: introduce call_modprobe helper (Oleg Nesterov) [Orabug: 16286305] (CVE-2012-4398) - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] (CVE-2012-4398) - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] (CVE-2012-4398) - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] (CVE-2012-4461) - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] (CVE-2012-4530) - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] (CVE-2012-4530) - xen-pciback: rate limit error messages from xen_pcibk_enable_msi[,x] (Jan Beulich) [Orabug: 16243736] (CVE-2013-0231) - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274171] (CVE-2013-0190) - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] - xen/netback: don
    last seen2020-06-01
    modified2020-06-02
    plugin id79497
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79497
    titleOracleVM 3.2 : kernel-uek (OVMSA-2013-0008)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1704-2.NASL
    descriptionUSN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Brad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64436
    published2013-02-04
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64436
    titleUbuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal regression (USN-1704-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0223.NASL
    descriptionUpdated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398, Moderate) * A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen2020-06-01
    modified2020-06-02
    plugin id64479
    published2013-02-06
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64479
    titleRHEL 6 : kernel (RHSA-2013:0223)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-8518.NASL
    descriptionThis Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : - A race condition in ptrace(2) could be used by local attackers to crash the kernel and/or execute code in kernel context. (CVE-2013-0871) - Avoid side channel information leaks from the ptys via ptmx, which allowed local attackers to guess keypresses. (CVE-2013-0160) - Avoid leaving bprm->interp on the stack which might have leaked information from the kernel to userland attackers. (CVE-2012-4530) - The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (CVE-2013-0268) - The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (CVE-2013-0216) - The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (CVE-2013-0231) Also the following non-security bugs have been fixed : S/390 : - s390x: tty struct used after free (bnc#809692, LTC#90216). - s390x/kernel: sched_clock() overflow (bnc#799611, LTC#87978). - qeth: set new mac even if old mac is gone (bnc#789012,LTC#86643). - qeth: set new mac even if old mac is gone (2) (bnc#792697,LTC#87138). - qeth: fix deadlock between recovery and bonding driver (bnc#785101,LTC#85905). - dasd: check count address during online setting (bnc#781485,LTC#85346). - hugetlbfs: add missing TLB invalidation (bnc#781485,LTC#85463). - s390/kernel: make user-access pagetable walk code huge page aware (bnc#781485,LTC#85455). XEN : - xen/netback: fix netbk_count_requests(). - xen: properly bound buffer access when parsing cpu/availability. - xen/scsiback/usbback: move cond_resched() invocations to proper place. - xen/pciback: properly clean up after calling pcistub_device_find(). - xen: add further backward-compatibility configure options. - xen/PCI: suppress bogus warning on old hypervisors. - xenbus: fix overflow check in xenbus_dev_write(). - xen/x86: do not corrupt %eip when returning from a signal handler. Other : - kernel: Restrict clearing TIF_SIGPENDING. (bnc#742111) - kernel: recalc_sigpending_tsk fixes. (bnc#742111) - xfs: Do not reclaim new inodes in xfs_sync_inodes(). (bnc#770980) - jbd: Avoid BUG_ON when checkpoint stalls. (bnc#795335) - reiserfs: Fix int overflow while calculating free space. (bnc#795075) - cifs: clarify the meaning of tcpStatus == CifsGood. (bnc#769093) - cifs: do not allow cifs_reconnect to exit with NULL socket pointer. (bnc#769093) - cifs: switch to seq_files. (bnc#776370) - scsi: fix check of PQ and PDT bits for WLUNs. (bnc#765687) - hugetlb: preserve hugetlb pte dirty state. (bnc#790236) - poll: enforce RLIMIT_NOFILE in poll(). (bnc#787272) - proc: fix ->open less usage due to ->proc_fops flip. (bnc#776370) - rpm/kernel-binary.spec.in: Ignore kabi errors if %%ignore_kabi_badness is defined. This is used in the Kernel:* projects in the OBS.
    last seen2020-06-05
    modified2013-04-13
    plugin id65959
    published2013-04-13
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65959
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8518)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1698-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63614
    published2013-01-18
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63614
    titleUSN-1698-1 : linux-ti-omap4 vulnerabilities

Redhat

advisories
bugzilla
id868285
titleCVE-2012-4530 kernel: stack disclosure in binfmt_script load_script()
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • commentkernel earlier than 0:2.6.32-279.22.1.el6 is currently running
        ovaloval:com.redhat.rhsa:tst:20130223025
      • commentkernel earlier than 0:2.6.32-279.22.1.el6 is set to boot up on next boot
        ovaloval:com.redhat.rhsa:tst:20130223026
    • OR
      • AND
        • commentkernel-firmware is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223001
        • commentkernel-firmware is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842004
      • AND
        • commentkernel-doc is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223003
        • commentkernel-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842002
      • AND
        • commentperf is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223005
        • commentperf is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842006
      • AND
        • commentkernel-debug is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223007
        • commentkernel-debug is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842014
      • AND
        • commentkernel-headers is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223009
        • commentkernel-headers is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842010
      • AND
        • commentkernel is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223011
        • commentkernel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842012
      • AND
        • commentkernel-debug-devel is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223013
        • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842008
      • AND
        • commentkernel-devel is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223015
        • commentkernel-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842016
      • AND
        • commentpython-perf is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223017
        • commentpython-perf is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111530024
      • AND
        • commentkernel-bootwrapper is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223019
        • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842018
      • AND
        • commentkernel-kdump is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223021
        • commentkernel-kdump is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842020
      • AND
        • commentkernel-kdump-devel is earlier than 0:2.6.32-279.22.1.el6
          ovaloval:com.redhat.rhsa:tst:20130223023
        • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100842022
rhsa
idRHSA-2013:0223
released2013-02-05
severityModerate
titleRHSA-2013:0223: kernel security and bug fix update (Moderate)
rpms
  • kernel-0:2.6.32-279.22.1.el6
  • kernel-bootwrapper-0:2.6.32-279.22.1.el6
  • kernel-debug-0:2.6.32-279.22.1.el6
  • kernel-debug-debuginfo-0:2.6.32-279.22.1.el6
  • kernel-debug-devel-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-279.22.1.el6
  • kernel-devel-0:2.6.32-279.22.1.el6
  • kernel-doc-0:2.6.32-279.22.1.el6
  • kernel-firmware-0:2.6.32-279.22.1.el6
  • kernel-headers-0:2.6.32-279.22.1.el6
  • kernel-kdump-0:2.6.32-279.22.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-279.22.1.el6
  • kernel-kdump-devel-0:2.6.32-279.22.1.el6
  • perf-0:2.6.32-279.22.1.el6
  • perf-debuginfo-0:2.6.32-279.22.1.el6
  • python-perf-0:2.6.32-279.22.1.el6
  • python-perf-debuginfo-0:2.6.32-279.22.1.el6
  • kernel-rt-0:3.6.11-rt28.20.el6rt
  • kernel-rt-debug-0:3.6.11-rt28.20.el6rt
  • kernel-rt-debug-debuginfo-0:3.6.11-rt28.20.el6rt
  • kernel-rt-debug-devel-0:3.6.11-rt28.20.el6rt
  • kernel-rt-debuginfo-0:3.6.11-rt28.20.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.6.11-rt28.20.el6rt
  • kernel-rt-devel-0:3.6.11-rt28.20.el6rt
  • kernel-rt-doc-0:3.6.11-rt28.20.el6rt
  • kernel-rt-firmware-0:3.6.11-rt28.20.el6rt
  • kernel-rt-trace-0:3.6.11-rt28.20.el6rt
  • kernel-rt-trace-debuginfo-0:3.6.11-rt28.20.el6rt
  • kernel-rt-trace-devel-0:3.6.11-rt28.20.el6rt
  • kernel-rt-vanilla-0:3.6.11-rt28.20.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.6.11-rt28.20.el6rt
  • kernel-rt-vanilla-devel-0:3.6.11-rt28.20.el6rt
  • mrg-rt-release-0:3.6.11-rt28.20.el6rt