Vulnerabilities > CVE-2012-4565 - Numeric Errors vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.

Vulnerable Configurations

Part Description Count
OS
Linux
1539

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-130125.NASL
    descriptionThe SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.58, fixing various bugs and security issues. The updates contains the following feature enhancement : - Enable various md/raid10 and DASD enhancements. - Make is possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. - Added support for reshaping of RAID10 arrays, mdadm changes will be published to support the changes. The following security issues were fixed : - A division by zero in the TCP Illinois algorithm. (CVE-2012-4565) - The uname26 personality leaked kernel memory information. (CVE-2012-0957) - Kernel stack content disclosure via binfmt_script load_script(). (CVE-2012-4530) The following non-security issues were fixed : - BTRFS : - btrfs: reset path lock state to zero. - btrfs: fix off-by-one in lseek. - btrfs: fix btrfs_cont_expand() freeing IS_ERR em. - btrfs: update timestamps on truncate(). - btrfs: put csums on the right ordered extent. - btrfs: use existing align macros in btrfs_allocate() - btrfs: fix off-by-one error of the reserved size of btrfs_allocate() - btrfs: add fiemaps flag check - btrfs: fix permissions of empty files not affected by umask - btrfs: do not auto defrag a file when doing directIO - btrfs: fix wrong return value of btrfs_truncate_page() - btrfs: Notify udev when removing device - btrfs: fix permissions of empty files not affected by umask - btrfs: fix hash overflow handling - btrfs: do not delete a subvolume which is in a R/O subvolume - btrfs: remove call to btrfs_wait_ordered_extents to avoid potential deadlock. - btrfs: update the checks for mixed block groups with big metadata blocks - btrfs: Fix use-after-free in __btrfs_end_transaction - btrfs: use commit root when loading free space cache. - btrfs: avoid setting ->d_op twice (FATE#306586 bnc#731387). - btrfs: fix race in reada (FATE#306586). - btrfs: do not add both copies of DUP to reada extent tree - btrfs: do not mount when we have a sectorsize unequal to PAGE_SIZE - btrfs: add missing unlocks to transaction abort paths - btrfs: avoid sleeping in verify_parent_transid while atomic - btrfs: disallow unequal data/metadata blocksize for mixed block groups - btrfs: enhance superblock sanity checks. (bnc#749651) - btrfs: sanitizing ->fs_info, parts 1-5. - btrfs: make open_ctree() return int. - btrfs: kill pointless reassignment of ->s_fs_info in btrfs_fill_super(). - btrfs: merge free_fs_info() calls on fill_super failures. - btrfs: make free_fs_info() call ->kill_sb() unconditional. - btrfs: consolidate failure exits in btrfs_mount() a bit. - btrfs: let ->s_fs_info point to fs_info, not root... - btrfs: take allocation of ->tree_root into open_ctree(). - Update DASD blk_timeout patches after review by IBM : - dasd: Abort all requests from ioctl - dasd: Disable block timeouts per default - dasd: Reduce amount of messages for specific errors - dasd: Rename ioctls - dasd: check blk_noretry_request in dasd_times_out() - dasd: lock ccw queue in dasd_times_out() - dasd: make DASD_FLAG_TIMEOUT setting more robust - dasd: rename flag to abortall - LPFC : - Update lpfc version for 8.3.5.48.3p driver release. - lpfc 8.3.32: Correct successful aborts returning error status. - lpfc 8.3.34: Correct lock handling to eliminate reset escalation on I/O abort. - lpfc 8.3.34: Streamline fcp underrun message printing. - DRM/i915 : - drm/i915: EBUSY status handling added to i915_gem_fault(). - drm/i915: Only clear the GPU domains upon a successful finish. - drm/i915: always use RPNSWREQ for turbo change requests. - drm/i915: do not call modeset_init_hw in i915_reset. - drm/i915: do not hang userspace when the gpu reset is stuck. - drm/i915: do not trylock in the gpu reset code. - drm/i915: re-init modeset hw state after gpu reset. - HyperV : - x86: Hyper-V: register clocksource only if its advertised. - Other : - xfrm: fix freed block size calculation in xfrm_policy_fini(). - bonding: in balance-rr mode, set curr_active_slave only if it is up. - kernel: broken interrupt statistics (LTC#87893). - kernel: sched_clock() overflow (LTC#87978). - mm: call sleep_on_page_killable from __wait_on_page_locked_killable. - TTY: do not reset masters packet mode. - patches.suse/kbuild-record-built-in-o: Avoid using printf(1) in Makefile.build - rpm/built-in-where.mk: Do not rely on the *.parts file to be newline-separated. - NFS: Allow sec=none mounts in certain cases. - NFS: fix recent breakage to NFS error handling. - bridge: Pull ip header into skb->data before looking into ip header. - dm mpath: allow ioctls to trigger pg init. - dm mpath: only retry ioctl when no paths if queue_if_no_path set. - radix-tree: fix preload vector size. - sched, rt: Unthrottle rt runqueues in __disable_runtime(). - sched/rt: Fix SCHED_RR across cgroups. - sched/rt: Do not throttle when PI boosting. - sched/rt: Keep period timer ticking when rt throttling is active. - sched/rt: Prevent idle task boosting. - mm: limit mmu_gather batching to fix soft lockups on !CONFIG_PREEMPT. - kabi fixup for mm: limit mmu_gather batching to fix soft lockups on !CONFIG_PREEMPT. - Refresh Xen patches after update to 3.0.57. - aio: make kiocb->private NUll in init_sync_kiocb(). - qeth: Fix retry logic in hardsetup. (LTC#87080) - netiucv: reinsert dev_alloc_name for device naming. (LTC#87086) - qeth: set new mac even if old mac is gone (2). (LTC#87138) - ocfs2: use spinlock irqsave for downconvert lock.patch. - af_netlink: force credentials passing. - af_unix: dont send SCM_CREDENTIALS by default. - sunrpc: increase maximum slots to use. - bio: bio allocation failure due to bio_get_nr_vecs(). - bio: do not overflow in bio_get_nr_vecs(). - md: close race between removing and adding a device. - thp, memcg: split hugepage for memcg oom on cow. - bonding: delete migrated IP addresses from the rlb hash table. - xfs: Fix re-use of EWOULDBLOCK during read on dm-mirror. - qla2xxx: Determine the number of outstanding commands based on available resources. - qla2xxx: Ramp down queue depth for attached SCSI devices. - autofs4: fix lockdep splat in autofs. - ipv6: tcp: fix panic in SYN processing. - add splash=black option to bootsplash code, to keep a black background, useful for remote access to VMs.
    last seen2020-06-05
    modified2013-02-08
    plugin id64500
    published2013-02-08
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64500
    titleSuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 7273 / 7276 / 7277)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64500);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-0957", "CVE-2012-4530", "CVE-2012-4565");
    
      script_name(english:"SuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 7273 / 7276 / 7277)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.58, fixing
    various bugs and security issues.
    
    The updates contains the following feature enhancement :
    
      - Enable various md/raid10 and DASD enhancements.
    
      - Make is possible for RAID10 to cope with DASD devices
        being slow for various reasons - the affected device
        will be temporarily removed from the array.
    
      - Added support for reshaping of RAID10 arrays, mdadm
        changes will be published to support the changes. The
        following security issues were fixed :
    
      - A division by zero in the TCP Illinois algorithm.
        (CVE-2012-4565)
    
      - The uname26 personality leaked kernel memory
        information. (CVE-2012-0957)
    
      - Kernel stack content disclosure via binfmt_script
        load_script(). (CVE-2012-4530) The following
        non-security issues were fixed :
    
      - BTRFS :
    
      - btrfs: reset path lock state to zero.
    
      - btrfs: fix off-by-one in lseek.
    
      - btrfs: fix btrfs_cont_expand() freeing IS_ERR em.
    
      - btrfs: update timestamps on truncate().
    
      - btrfs: put csums on the right ordered extent.
    
      - btrfs: use existing align macros in btrfs_allocate()
    
      - btrfs: fix off-by-one error of the reserved size of
        btrfs_allocate()
    
      - btrfs: add fiemaps flag check
    
      - btrfs: fix permissions of empty files not affected by
        umask
    
      - btrfs: do not auto defrag a file when doing directIO
    
      - btrfs: fix wrong return value of btrfs_truncate_page()
    
      - btrfs: Notify udev when removing device
    
      - btrfs: fix permissions of empty files not affected by
        umask
    
      - btrfs: fix hash overflow handling
    
      - btrfs: do not delete a subvolume which is in a R/O
        subvolume
    
      - btrfs: remove call to btrfs_wait_ordered_extents to
        avoid potential deadlock.
    
      - btrfs: update the checks for mixed block groups with big
        metadata blocks
    
      - btrfs: Fix use-after-free in __btrfs_end_transaction
    
      - btrfs: use commit root when loading free space cache.
    
      - btrfs: avoid setting ->d_op twice (FATE#306586
        bnc#731387).
    
      - btrfs: fix race in reada (FATE#306586).
    
      - btrfs: do not add both copies of DUP to reada extent
        tree
    
      - btrfs: do not mount when we have a sectorsize unequal to
        PAGE_SIZE
    
      - btrfs: add missing unlocks to transaction abort paths
    
      - btrfs: avoid sleeping in verify_parent_transid while
        atomic
    
      - btrfs: disallow unequal data/metadata blocksize for
        mixed block groups
    
      - btrfs: enhance superblock sanity checks. (bnc#749651)
    
      - btrfs: sanitizing ->fs_info, parts 1-5.
    
      - btrfs: make open_ctree() return int.
    
      - btrfs: kill pointless reassignment of ->s_fs_info in
        btrfs_fill_super().
    
      - btrfs: merge free_fs_info() calls on fill_super
        failures.
    
      - btrfs: make free_fs_info() call ->kill_sb()
        unconditional.
    
      - btrfs: consolidate failure exits in btrfs_mount() a bit.
    
      - btrfs: let ->s_fs_info point to fs_info, not root...
    
      - btrfs: take allocation of ->tree_root into open_ctree().
    
      - Update DASD blk_timeout patches after review by IBM :
    
      - dasd: Abort all requests from ioctl
    
      - dasd: Disable block timeouts per default
    
      - dasd: Reduce amount of messages for specific errors
    
      - dasd: Rename ioctls
    
      - dasd: check blk_noretry_request in dasd_times_out()
    
      - dasd: lock ccw queue in dasd_times_out()
    
      - dasd: make DASD_FLAG_TIMEOUT setting more robust
    
      - dasd: rename flag to abortall
    
      - LPFC :
    
      - Update lpfc version for 8.3.5.48.3p driver release.
    
      - lpfc 8.3.32: Correct successful aborts returning error
        status.
    
      - lpfc 8.3.34: Correct lock handling to eliminate reset
        escalation on I/O abort.
    
      - lpfc 8.3.34: Streamline fcp underrun message printing.
    
      - DRM/i915 :
    
      - drm/i915: EBUSY status handling added to
        i915_gem_fault().
    
      - drm/i915: Only clear the GPU domains upon a successful
        finish.
    
      - drm/i915: always use RPNSWREQ for turbo change requests.
    
      - drm/i915: do not call modeset_init_hw in i915_reset.
    
      - drm/i915: do not hang userspace when the gpu reset is
        stuck.
    
      - drm/i915: do not trylock in the gpu reset code.
    
      - drm/i915: re-init modeset hw state after gpu reset.
    
      - HyperV :
    
      - x86: Hyper-V: register clocksource only if its
        advertised.
    
      - Other :
    
      - xfrm: fix freed block size calculation in
        xfrm_policy_fini().
    
      - bonding: in balance-rr mode, set curr_active_slave only
        if it is up.
    
      - kernel: broken interrupt statistics (LTC#87893).
    
      - kernel: sched_clock() overflow (LTC#87978).
    
      - mm: call sleep_on_page_killable from
        __wait_on_page_locked_killable.
    
      - TTY: do not reset masters packet mode.
    
      - patches.suse/kbuild-record-built-in-o: Avoid using
        printf(1) in Makefile.build
    
      - rpm/built-in-where.mk: Do not rely on the *.parts file
        to be newline-separated.
    
      - NFS: Allow sec=none mounts in certain cases.
    
      - NFS: fix recent breakage to NFS error handling.
    
      - bridge: Pull ip header into skb->data before looking
        into ip header.
    
      - dm mpath: allow ioctls to trigger pg init.
    
      - dm mpath: only retry ioctl when no paths if
        queue_if_no_path set.
    
      - radix-tree: fix preload vector size.
    
      - sched, rt: Unthrottle rt runqueues in
        __disable_runtime().
    
      - sched/rt: Fix SCHED_RR across cgroups.
    
      - sched/rt: Do not throttle when PI boosting.
    
      - sched/rt: Keep period timer ticking when rt throttling
        is active.
    
      - sched/rt: Prevent idle task boosting.
    
      - mm: limit mmu_gather batching to fix soft lockups on
        !CONFIG_PREEMPT.
    
      - kabi fixup for mm: limit mmu_gather batching to fix soft
        lockups on !CONFIG_PREEMPT.
    
      - Refresh Xen patches after update to 3.0.57.
    
      - aio: make kiocb->private NUll in init_sync_kiocb().
    
      - qeth: Fix retry logic in hardsetup. (LTC#87080)
    
      - netiucv: reinsert dev_alloc_name for device naming.
        (LTC#87086)
    
      - qeth: set new mac even if old mac is gone (2).
        (LTC#87138)
    
      - ocfs2: use spinlock irqsave for downconvert lock.patch.
    
      - af_netlink: force credentials passing.
    
      - af_unix: dont send SCM_CREDENTIALS by default.
    
      - sunrpc: increase maximum slots to use.
    
      - bio: bio allocation failure due to bio_get_nr_vecs().
    
      - bio: do not overflow in bio_get_nr_vecs().
    
      - md: close race between removing and adding a device.
    
      - thp, memcg: split hugepage for memcg oom on cow.
    
      - bonding: delete migrated IP addresses from the rlb hash
        table.
    
      - xfs: Fix re-use of EWOULDBLOCK during read on dm-mirror.
    
      - qla2xxx: Determine the number of outstanding commands
        based on available resources.
    
      - qla2xxx: Ramp down queue depth for attached SCSI
        devices.
    
      - autofs4: fix lockdep splat in autofs.
    
      - ipv6: tcp: fix panic in SYN processing.
    
      - add splash=black option to bootsplash code, to keep a
        black background, useful for remote access to VMs."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=729854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=731387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=736255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=739728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=745876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=749651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=758104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=762158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=763463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=775685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=778136"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=779577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=780008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=782721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=783515"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=786013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=786976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789648"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=790935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=791498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=791853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=791904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=792270"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=792500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=792656"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=792834"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793139"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=794231"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=794824"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=795354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=797042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=798960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=799209"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=799275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=799909"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-0957.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4530.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4565.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 7273 / 7276 / 7277 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-source-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-syms-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.3_06_3.0.58_0.6.2-0.7.16")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-source-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-syms-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"kernel-default-man-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.58-0.6.2.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.3_06_3.0.58_0.6.2-0.7.16")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.3_06_3.0.58_0.6.2-0.7.16")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1644-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63116
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63116
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-1644-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1644-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63116);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-0957", "CVE-2012-4565");
      script_bugtraq_id(55855, 56346);
      script_xref(name:"USN", value:"1644-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-1644-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Brad Spengler discovered a flaw in the Linux kernel's uname system
    call. An unprivileged user could exploit this flaw to read kernel
    stack memory. (CVE-2012-0957)
    
    Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
    congestion control algorithm. A local attacker could use this to cause
    a denial of service. (CVE-2012-4565).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1644-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2012-0957", "CVE-2012-4565");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1644-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-34-generic", pkgver:"3.2.0-34.53")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-34-generic-pae", pkgver:"3.2.0-34.53")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-34-highbank", pkgver:"3.2.0-34.53")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-34-virtual", pkgver:"3.2.0-34.53")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1649-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63121
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63121
    titleUSN-1649-1 : linux-ti-omap4 vulnerabilities
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1649-1.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63121);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2016/12/01 20:56:51 $");
    
     script_cve_id("CVE-2012-0957", "CVE-2012-4565");
      script_xref(name:"USN", value:"1649-1");
    
      script_name(english:"USN-1649-1 : linux-ti-omap4 vulnerabilities");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "Brad Spengler discovered a flaw in the Linux kernel's uname system
    call. An unprivileged user could exploit this flaw to read kernel
    stack memory. (CVE-2012-0957)
    
    Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
    congestion control algorithm. A local attacker could use this to
    cause a denial of service. (CVE-2012-4565)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1649-1/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/30");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/02");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-1218-omap4", pkgver:"3.0.0-1218.31")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1651-1.NASL
    descriptionRodrigo Freire discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63123
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63123
    titleUbuntu 10.04 LTS : linux vulnerability (USN-1651-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-17413.NASL
    descriptionLinux v3.6.5, latest upstream stable release with fixes across the tree. Fixes CVE-2012-4565 and CVE-2012-4508. Updates kernel module signing to match the upstream kernel, and updates the UEFI secure boot patch set. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-11-08
    plugin id62851
    published2012-11-08
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62851
    titleFedora 18 : kernel-3.6.5-2.fc18 (2012-17413)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1653-1.NASL
    descriptionRodrigo Freire discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63154
    published2012-12-05
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63154
    titleUbuntu 10.04 LTS : linux-ec2 vulnerability (USN-1653-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1650-1.NASL
    descriptionRodrigo Freire discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63122
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63122
    titleUbuntu 8.04 LTS : linux vulnerability (USN-1650-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-17462.NASL
    descriptionUpdate to latest upstream stable release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-11-07
    plugin id62830
    published2012-11-07
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62830
    titleFedora 17 : kernel-3.6.5-1.fc17 (2012-17462)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1646-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63118
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63118
    titleUbuntu 12.10 : linux vulnerabilities (USN-1646-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-142.NASL
    descriptionA use-after-free flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69632
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69632
    titleAmazon Linux AMI : kernel (ALAS-2012-142)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1648-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63120
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63120
    titleUbuntu 11.10 : linux vulnerabilities (USN-1648-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20121218_KERNEL_ON_SL6_X.NASL
    descriptionThis update fixes the following security issues : - It was found that a previous update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) - A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-03-18
    modified2012-12-20
    plugin id63313
    published2012-12-20
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63313
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20121218)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1652-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63124
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63124
    titleUbuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1652-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1704-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63669
    published2013-01-23
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63669
    titleUbuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities (USN-1704-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-2507.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id68847
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68847
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-2048.NASL
    descriptionDescription of changes: kernel-uek [2.6.32-300.39.2.el6uek] - ext4: fix undefined behavior in ext4_fill_flex_info() (Xi Wang) [orabug 16020245] {CVE-2012-2100} - Divide by zero in TCP congestion control Algorithm (Jesper Dangaard Brouer) [orabug 16020447] {CVE-2012-4565} - ipv6: discard overlapping fragment (Luis Henriques) [orabug 16021354] {CVE-2012-4444}
    last seen2020-06-01
    modified2020-06-02
    plugin id68690
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68690
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2048)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-148.NASL
    descriptionA malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375 , Moderate) A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-06-01
    modified2020-06-02
    plugin id69707
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69707
    titleAmazon Linux AMI : kernel / nvidia (ALAS-2013-148)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1580.NASL
    descriptionUpdated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-06-01
    modified2020-06-02
    plugin id63305
    published2012-12-20
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63305
    titleCentOS 6 : kernel (CESA-2012:1580)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0003.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - bonding: fixup typo in rlb mode of bond and bridge fix (Guru Anbalagane) [Orabug: 16069448] - bonding: rlb mode of bond should not alter ARP originating via bridge (zheng.li) [Orabug: 14650975] - compilation fix oracleasm typo (Maxim Uvarov) - mm/hotplug: correctly add new zone to all other nodes
    last seen2020-06-01
    modified2020-06-02
    plugin id79495
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79495
    titleOracleVM 3.2 : kernel-uek (OVMSA-2013-0003)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-2047.NASL
    descriptionDescription of changes: [2.6.39-300.17.3.el6uek] - mm/hotplug: correctly add new zone to all other nodes
    last seen2020-06-01
    modified2020-06-02
    plugin id68689
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68689
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2047)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-17479.NASL
    descriptionThis Linux 3.6.5 stable update contains a large number of important bugfixes and security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-11-07
    plugin id62831
    published2012-11-07
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62831
    titleFedora 16 : kernel-3.6.5-2.fc16 (2012-17479)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1580.NASL
    descriptionFrom Red Hat Security Advisory 2012:1580 : Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-06-01
    modified2020-06-02
    plugin id68666
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68666
    titleOracle Linux 6 : kernel (ELSA-2012-1580)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1645-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63117
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63117
    titleUSN-1645-1 : linux-ti-omap4 vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0287-1.NASL
    descriptionThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs. The following security bugs have been fixed : CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. (bnc#735347) CVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898) CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612) CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. (bnc#770695) CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896) CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523) CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383) CVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885) CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831) CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#786013) CVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. (bnc#787576) CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891) CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892) CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893) CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894) CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898) CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899) CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900) CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901) CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902) CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903) CVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (bnc#797175) CVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (bnc#800280)(XSA-39) CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (bnc#801178)(XSA-43) CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642) CVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653) CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227) CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. (bnc#804154) CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827) CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138) CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977) CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976) CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358) CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980) CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (bnc#806980) CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980) CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354) CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735) CVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. (bnc#828012) CVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. (bnc#817377) CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267) CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260) CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295) CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750) CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749) CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119) CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473) CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575) CVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (bnc#822579) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839) CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839) CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) Also the following non-security bugs have been fixed : - x86: Clear HPET configuration registers on startup (bnc#748896). - sched: fix divide by zero in task_utime() (bnc#761774). - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596). - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables. - mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)). - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364). - cpumask: Simplify sched_rt.c (bnc#812364). - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481). - tty: fix up atime/mtime mess, take three (bnc#797175). - tty: fix atime/mtime regression (bnc#815745). - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154). - kbuild: Fix gcc -x syntax (bnc#773831). - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). proc: fix pagemap_read() error case (bnc#787573). net: Upgrade device features irrespective of mask (bnc#715250). - tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416). - netfilter: prevent race condition breaking net reference counting (bnc#835094). - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). scsi: Add
    last seen2020-06-05
    modified2015-05-20
    plugin id83611
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83611
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1704-2.NASL
    descriptionUSN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Brad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64436
    published2013-02-04
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64436
    titleUbuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal regression (USN-1704-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1580.NASL
    descriptionUpdated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to
    last seen2020-06-01
    modified2020-06-02
    plugin id63292
    published2012-12-19
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63292
    titleRHEL 6 : kernel (RHSA-2012:1580)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1491.NASL
    descriptionUpdated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.2. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way Netlink messages without SCM_CREDENTIALS (used for authentication) data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages. (CVE-2012-3520, Important) * A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. (CVE-2012-4508, Important) * A use-after-free flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76653
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76653
    titleRHEL 6 : MRG (RHSA-2012:1491)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1647-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63119
    published2012-12-02
    reporterUbuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63119
    titleUSN-1647-1 : linux-ti-omap4 vulnerabilities

Redhat

advisories
rhsa
idRHSA-2012:1580
rpms
  • kernel-rt-0:3.2.33-rt50.66.el6rt
  • kernel-rt-debug-0:3.2.33-rt50.66.el6rt
  • kernel-rt-debug-debuginfo-0:3.2.33-rt50.66.el6rt
  • kernel-rt-debug-devel-0:3.2.33-rt50.66.el6rt
  • kernel-rt-debuginfo-0:3.2.33-rt50.66.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.2.33-rt50.66.el6rt
  • kernel-rt-devel-0:3.2.33-rt50.66.el6rt
  • kernel-rt-doc-0:3.2.33-rt50.66.el6rt
  • kernel-rt-firmware-0:3.2.33-rt50.66.el6rt
  • kernel-rt-trace-0:3.2.33-rt50.66.el6rt
  • kernel-rt-trace-debuginfo-0:3.2.33-rt50.66.el6rt
  • kernel-rt-trace-devel-0:3.2.33-rt50.66.el6rt
  • kernel-rt-vanilla-0:3.2.33-rt50.66.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.2.33-rt50.66.el6rt
  • kernel-rt-vanilla-devel-0:3.2.33-rt50.66.el6rt
  • mrg-rt-release-0:3.2.33-rt50.66.el6rt
  • kernel-0:2.6.32-279.19.1.el6
  • kernel-bootwrapper-0:2.6.32-279.19.1.el6
  • kernel-debug-0:2.6.32-279.19.1.el6
  • kernel-debug-debuginfo-0:2.6.32-279.19.1.el6
  • kernel-debug-devel-0:2.6.32-279.19.1.el6
  • kernel-debuginfo-0:2.6.32-279.19.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-279.19.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-279.19.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-279.19.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-279.19.1.el6
  • kernel-devel-0:2.6.32-279.19.1.el6
  • kernel-doc-0:2.6.32-279.19.1.el6
  • kernel-firmware-0:2.6.32-279.19.1.el6
  • kernel-headers-0:2.6.32-279.19.1.el6
  • kernel-kdump-0:2.6.32-279.19.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-279.19.1.el6
  • kernel-kdump-devel-0:2.6.32-279.19.1.el6
  • perf-0:2.6.32-279.19.1.el6
  • perf-debuginfo-0:2.6.32-279.19.1.el6
  • python-perf-0:2.6.32-279.19.1.el6
  • python-perf-debuginfo-0:2.6.32-279.19.1.el6