Vulnerabilities > CVE-2012-5532 - Unspecified vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus

Summary

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.

Vulnerable Configurations

Part Description Count
OS
Linux
1705

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-176.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. (CVE-2013-1979) The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232) net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3235) The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234) The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3233) The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231) The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3229) The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3228) The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227) The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225) The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224) The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223) The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222) Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. (CVE-2013-2596) arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (CVE-2013-2146) The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. (CVE-2013-2094) The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (CVE-2013-1798) Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797) The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (CVE-2013-1796) The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (CVE-2013-2141) Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929) The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. (CVE-2012-5532) The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (CVE-2012-6548) The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (CVE-2012-6549) net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2634) The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2635) fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. (CVE-2013-1848) The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (CVE-2013-0914) Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (CVE-2013-1860) Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (CVE-2013-1792) The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2546) The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2547) The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548) The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. (CVE-2013-0311) Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. (CVE-2013-1763) The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application. (CVE-2013-0290) Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (CVE-2013-1767) The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. (CVE-2013-0228) Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. (CVE-2013-0217) The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (CVE-2013-0216) The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2012-6547) The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66975
    published2013-06-25
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66975
    titleMandriva Linux Security Advisory : kernel (MDVSA-2013:176)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:176. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66975);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2012-5532", "CVE-2012-6547", "CVE-2012-6548", "CVE-2012-6549", "CVE-2013-0216", "CVE-2013-0217", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0311", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1848", "CVE-2013-1860", "CVE-2013-1929", "CVE-2013-1979", "CVE-2013-2094", "CVE-2013-2141", "CVE-2013-2146", "CVE-2013-2546", "CVE-2013-2547", "CVE-2013-2548", "CVE-2013-2596", "CVE-2013-2634", "CVE-2013-2635", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3227", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3233", "CVE-2013-3234", "CVE-2013-3235");
      script_bugtraq_id(56710, 57743, 57744, 57940, 57964, 58053, 58137, 58177, 58368, 58382, 58426, 58510, 58597, 58600, 58604, 58605, 58607, 58908, 58993, 58994, 58996, 59264, 59377, 59380, 59381, 59383, 59385, 59388, 59389, 59390, 59393, 59394, 59396, 59397, 59538, 59846, 60254, 60324);
      script_xref(name:"MDVSA", value:"2013:176");
    
      script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2013:176)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in the Linux
    kernel :
    
    The scm_set_cred function in include/net/scm.h in the Linux kernel
    before 3.8.11 uses incorrect uid and gid values during credentials
    passing, which allows local users to gain privileges via a crafted
    application. (CVE-2013-1979)
    
    The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)
    
    net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not
    initialize a certain data structure and a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3235)
    
    The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)
    
    The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable
    and a certain data structure, which allows local users to obtain
    sensitive information from kernel stack memory via a crafted recvmsg
    or recvfrom system call. (CVE-2013-3233)
    
    The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain length variable, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)
    
    The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3229)
    
    The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3228)
    
    The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the
    Linux kernel before 3.9-rc7 does not initialize a certain length
    variable, which allows local users to obtain sensitive information
    from kernel stack memory via a crafted recvmsg or recvfrom system
    call. (CVE-2013-3227)
    
    The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the
    Linux kernel before 3.9-rc7 does not initialize a certain length
    variable, which allows local users to obtain sensitive information
    from kernel stack memory via a crafted recvmsg or recvfrom system
    call. (CVE-2013-3225)
    
    The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the
    Linux kernel before 3.9-rc7 does not properly initialize a certain
    length variable, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted recvmsg or recvfrom
    system call. (CVE-2013-3224)
    
    The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223)
    
    The vcc_recvmsg function in net/atm/common.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain length variable, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)
    
    Integer overflow in the fb_mmap function in drivers/video/fbmem.c in
    the Linux kernel before 3.8.9, as used in a certain Motorola build of
    Android 4.1.2 and other products, allows local users to create a
    read-write memory mapping for the entirety of kernel memory, and
    consequently gain privileges, via crafted /dev/graphics/fb0 mmap2
    system calls, as demonstrated by the Motochopper pwn program.
    (CVE-2013-2596)
    
    arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before
    3.8.9, when the Performance Events Subsystem is enabled, specifies an
    incorrect bitmask, which allows local users to cause a denial of
    service (general protection fault and system crash) by attempting to
    set a reserved bit. (CVE-2013-2146)
    
    The perf_swevent_init function in kernel/events/core.c in the Linux
    kernel before 3.8.9 uses an incorrect integer data type, which allows
    local users to gain privileges via a crafted perf_event_open system
    call. (CVE-2013-2094)
    
    The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux
    kernel through 3.8.4 does not properly handle a certain combination of
    invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which
    allows guest OS users to obtain sensitive information from host OS
    memory or cause a denial of service (host OS OOPS) via a crafted
    application. (CVE-2013-1798)
    
    Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel
    through 3.8.4 allows guest OS users to cause a denial of service (host
    OS memory corruption) or possibly have unspecified other impact via a
    crafted application that triggers use of a guest physical address
    (GPA) in (1) movable or (2) removable memory during an
    MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797)
    
    The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux
    kernel through 3.8.4 does not ensure a required time_page alignment
    during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users
    to cause a denial of service (buffer overflow and host OS memory
    corruption) or possibly have unspecified other impact via a crafted
    application. (CVE-2013-1796)
    
    The do_tkill function in kernel/signal.c in the Linux kernel before
    3.8.9 does not initialize a certain data structure, which allows local
    users to obtain sensitive information from kernel memory via a crafted
    application that makes a (1) tkill or (2) tgkill system call.
    (CVE-2013-2141)
    
    Heap-based buffer overflow in the tg3_read_vpd function in
    drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6
    allows physically proximate attackers to cause a denial of service
    (system crash) or possibly execute arbitrary code via crafted firmware
    that specifies a long string in the Vital Product Data (VPD) data
    structure. (CVE-2013-1929)
    
    The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as
    distributed in the Linux kernel before 3.8-rc1, allows local users to
    cause a denial of service (daemon exit) via a crafted application that
    sends a Netlink message. NOTE: this vulnerability exists because of an
    incorrect fix for CVE-2012-2669. (CVE-2012-5532)
    
    The udf_encode_fh function in fs/udf/namei.c in the Linux kernel
    before 3.6 does not initialize a certain structure member, which
    allows local users to obtain sensitive information from kernel heap
    memory via a crafted application. (CVE-2012-6548)
    
    The isofs_export_encode_fh function in fs/isofs/export.c in the Linux
    kernel before 3.6 does not initialize a certain structure member,
    which allows local users to obtain sensitive information from kernel
    heap memory via a crafted application. (CVE-2012-6549)
    
    net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize
    certain structures, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted application.
    (CVE-2013-2634)
    
    The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux
    kernel before 3.8.4 does not initialize a certain structure member,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted application. (CVE-2013-2635)
    
    fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect
    arguments to functions in certain circumstances related to printk
    input, which allows local users to conduct format-string attacks and
    possibly gain privileges via a crafted application. (CVE-2013-1848)
    
    The flush_signal_handlers function in kernel/signal.c in the Linux
    kernel before 3.8.4 preserves the value of the sa_restorer field
    across an exec operation, which makes it easier for local users to
    bypass the ASLR protection mechanism via a crafted application
    containing a sigaction system call. (CVE-2013-0914)
    
    Heap-based buffer overflow in the wdm_in_callback function in
    drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows
    physically proximate attackers to cause a denial of service (system
    crash) or possibly execute arbitrary code via a crafted cdc-wdm USB
    device. (CVE-2013-1860)
    
    Race condition in the install_user_keyrings function in
    security/keys/process_keys.c in the Linux kernel before 3.8.3 allows
    local users to cause a denial of service (NULL pointer dereference and
    system crash) via crafted keyctl system calls that trigger keyring
    operations in simultaneous threads. (CVE-2013-1792)
    
    The report API in the crypto user configuration API in the Linux
    kernel through 3.8.2 uses an incorrect C library function for copying
    strings, which allows local users to obtain sensitive information from
    kernel stack memory by leveraging the CAP_NET_ADMIN capability.
    (CVE-2013-2546)
    
    The crypto_report_one function in crypto/crypto_user.c in the report
    API in the crypto user configuration API in the Linux kernel through
    3.8.2 does not initialize certain structure members, which allows
    local users to obtain sensitive information from kernel heap memory by
    leveraging the CAP_NET_ADMIN capability. (CVE-2013-2547)
    
    The crypto_report_one function in crypto/crypto_user.c in the report
    API in the crypto user configuration API in the Linux kernel through
    3.8.2 uses an incorrect length value during a copy operation, which
    allows local users to obtain sensitive information from kernel memory
    by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548)
    
    The translate_desc function in drivers/vhost/vhost.c in the Linux
    kernel before 3.7 does not properly handle cross-region descriptors,
    which allows guest OS users to obtain host OS privileges by leveraging
    KVM guest OS privileges. (CVE-2013-0311)
    
    Array index error in the __sock_diag_rcv_msg function in
    net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local
    users to gain privileges via a large family value in a Netlink
    message. (CVE-2013-1763)
    
    The __skb_recv_datagram function in net/core/datagram.c in the Linux
    kernel before 3.8 does not properly handle the MSG_PEEK flag with
    zero-length data, which allows local users to cause a denial of
    service (infinite loop and system hang) via a crafted application.
    (CVE-2013-0290)
    
    Use-after-free vulnerability in the shmem_remount_fs function in
    mm/shmem.c in the Linux kernel before 3.7.10 allows local users to
    gain privileges or cause a denial of service (system crash) by
    remounting a tmpfs filesystem without specifying a required mpol (aka
    mempolicy) mount option. (CVE-2013-1767)
    
    The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel
    before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly
    handle an invalid value in the DS segment register, which allows guest
    OS users to gain guest OS privileges via a crafted application.
    (CVE-2013-0228)
    
    Memory leak in drivers/net/xen-netback/netback.c in the Xen netback
    functionality in the Linux kernel before 3.7.8 allows guest OS users
    to cause a denial of service (memory consumption) by triggering
    certain error conditions. (CVE-2013-0217)
    
    The Xen netback functionality in the Linux kernel before 3.7.8 allows
    guest OS users to cause a denial of service (loop) by triggering ring
    pointer corruption. (CVE-2013-0216)
    
    The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel
    before 3.6 does not initialize a certain structure, which allows local
    users to obtain sensitive information from kernel stack memory via a
    crafted application. (CVE-2012-6547)
    
    The updated packages provides a solution for these security issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.47-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.47-1.1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1726-1.NASL
    descriptionIt was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. (CVE-2012-2669) Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508) Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. (CVE-2012-5532)
    last seen2020-06-01
    modified2020-06-02
    plugin id64641
    published2013-02-15
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64641
    titleUSN-1726-1 : linux-ti-omap4 vulnerabilities
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1726-1.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64641);
      script_version("$Revision: 1.2 $");
      script_cvs_date("$Date: 2016/12/01 20:56:52 $");
    
     script_cve_id("CVE-2012-2669", "CVE-2012-4508", "CVE-2012-5532");
      script_xref(name:"USN", value:"1726-1");
    
      script_name(english:"USN-1726-1 : linux-ti-omap4 vulnerabilities");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "It was discovered that hypervkvpd, which is distributed in the Linux
    kernel, was not correctly validating the origin on Netlink messages.
    An untrusted local user can cause a denial of service of Linux guests
    in Hyper-V virtualization environments. (CVE-2012-2669)
    
    Dmitry Monakhov reported a race condition flaw the Linux ext4
    filesystem that can expose stale data. An unprivileged user could
    exploit this flaw to cause an information leak. (CVE-2012-4508)
    
    Florian Weimer discovered that hypervkvpd, which is distributed in
    the Linux kernel, was not correctly validating source addresses of
    netlink packets. An untrusted local user can cause a denial of
    service by causing hypervkvpd to exit. (CVE-2012-5532)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1726-1/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/14");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/15");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-1221-omap4", pkgver:"3.0.0-1221.34")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1696-2.NASL
    descriptionUSN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Jon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64432
    published2013-02-04
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64432
    titleUbuntu 12.04 LTS : linux regression (USN-1696-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1696-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64432);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-4461", "CVE-2012-4530", "CVE-2012-5532");
      script_xref(name:"USN", value:"1696-2");
    
      script_name(english:"Ubuntu 12.04 LTS : linux regression (USN-1696-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an
    unrelated regression inotify/fanotify stopped working after upgrading.
    This update fixes the problem.
    
    We apologize for the inconvenience.
    
    Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based
    virtual machine) subsystem's handling of the XSAVE feature. On hosts,
    using qemu userspace, without the XSAVE feature an unprivileged local
    attacker could exploit this flaw to crash the system. (CVE-2012-4461)
    
    A flaw was discovered in the Linux kernel's handling of
    script execution when module loading is enabled. A local
    attacker could exploit this flaw to cause a leak of kernel
    stack contents. (CVE-2012-4530)
    
    Florian Weimer discovered that hypervkvpd, which is
    distributed in the Linux kernel, was not correctly
    validating source addresses of netlink packets. An untrusted
    local user can cause a denial of service by causing
    hypervkvpd to exit. (CVE-2012-5532).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1696-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2012-4461", "CVE-2012-4530", "CVE-2012-5532");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1696-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-37-generic", pkgver:"3.2.0-37.58")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-37-generic-pae", pkgver:"3.2.0-37.58")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-37-highbank", pkgver:"3.2.0-37.58")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-37-virtual", pkgver:"3.2.0-37.58")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1698-2.NASL
    descriptionUSN-1698-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64433
    published2013-02-03
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64433
    titleUSN-1698-2 : linux-ti-omap4 regression
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1698-2.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64433);
      script_version("$Revision: 1.2 $");
      script_cvs_date("$Date: 2016/12/01 20:56:51 $");
    
     script_cve_id("CVE-2012-4530", "CVE-2012-5532");
      script_xref(name:"USN", value:"1698-2");
    
      script_name(english:"USN-1698-2 : linux-ti-omap4 regression");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "USN-1698-1 fixed vulnerabilities in the Linux kernel. Due to an
    unrelated regression inotify/fanotify stopped working after
    upgrading. This update fixes the problem.
    
    We apologize for the inconvenience.
    
    Original advisory details:
    
     A flaw was discovered in the Linux kernel's handling of script
    execution when module loading is enabled. A local attacker could
    exploit this flaw to cause a leak of kernel stack contents.
    (CVE-2012-4530)
     
     Florian Weimer discovered that hypervkvpd, which is distributed in
    the Linux kernel, was not correctly validating source addresses of
    netlink packets. An untrusted local user can cause a denial of
    service by causing hypervkvpd to exit. (CVE-2012-5532)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1698-2/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/01");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/03");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-1425-omap4", pkgver:"3.2.0-1425.33")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1700-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63616
    published2013-01-18
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63616
    titleUSN-1700-1 : linux-ti-omap4 vulnerabilities
    code
    # This script was automatically generated from Ubuntu Security
    # Notice USN-1700-1.  It is released under the Nessus Script 
    # Licence.
    #
    # Ubuntu Security Notices are (C) Canonical, Inc.
    # See http://www.ubuntu.com/usn/
    # Ubuntu(R) is a registered trademark of Canonical, Inc.
    
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63616);
      script_version("$Revision: 1.2 $");
      script_cvs_date("$Date: 2016/12/01 20:56:51 $");
    
     script_cve_id("CVE-2012-4530", "CVE-2012-5532");
      script_xref(name:"USN", value:"1700-1");
    
      script_name(english:"USN-1700-1 : linux-ti-omap4 vulnerabilities");
      script_summary(english:"Checks dpkg output for updated package(s)");
    
      script_set_attribute(attribute:"synopsis", value: 
    "The remote Ubuntu host is missing one or more security-related
    patches.");
      script_set_attribute(attribute:"description", value:
    "A flaw was discovered in the Linux kernel's handling of script
    execution when module loading is enabled. A local attacker could
    exploit this flaw to cause a leak of kernel stack contents.
    (CVE-2012-4530)
    
    Florian Weimer discovered that hypervkvpd, which is distributed in
    the Linux kernel, was not correctly validating source addresses of
    netlink packets. An untrusted local user can cause a denial of
    service by causing hypervkvpd to exit. (CVE-2012-5532)");
      script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1700-1/");
      script_set_attribute(attribute:"solution", value:"Update the affected package(s).");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/18");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/18");
      script_end_attributes();
        
      script_category(ACT_GATHER_INFO);
      script_family(english:"Ubuntu Local Security Checks");
    
      script_copyright("Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    include("ubuntu.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu.");
    if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages.");
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-217-omap4", pkgver:"3.5.0-217.25")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1696-1.NASL
    descriptionJon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63613
    published2013-01-18
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63613
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-1696-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1700-2.NASL
    descriptionUSN-1700-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64435
    published2013-02-03
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64435
    titleUSN-1700-2 : linux-ti-omap4 regression
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1704-1.NASL
    descriptionBrad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63669
    published2013-01-23
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63669
    titleUbuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities (USN-1704-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130509_HYPERVKVPD_ON_SL5_X.NASL
    descriptionA denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest
    last seen2020-03-18
    modified2013-05-10
    plugin id66371
    published2013-05-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66371
    titleScientific Linux Security Update : hypervkvpd on SL5.x i386/x86_64 (20130509)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1699-1.NASL
    descriptionJon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63615
    published2013-01-18
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63615
    titleUbuntu 12.10 : linux vulnerabilities (USN-1699-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1699-2.NASL
    descriptionUSN-1699-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Jon Howell reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64434
    published2013-02-04
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64434
    titleUbuntu 12.10 : linux regression (USN-1699-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1720-1.NASL
    descriptionIt was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. (CVE-2012-2669) Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508) Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. (CVE-2012-5532) Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. (CVE-2013-0190). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id64618
    published2013-02-13
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64618
    titleUbuntu 11.10 : linux vulnerabilities (USN-1720-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0807.NASL
    descriptionAn updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest
    last seen2020-06-01
    modified2020-06-02
    plugin id66396
    published2013-05-14
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66396
    titleCentOS 5 : hypervkvpd (CESA-2013:0807)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1704-2.NASL
    descriptionUSN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Brad Spengler discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id64436
    published2013-02-04
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64436
    titleUbuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal regression (USN-1704-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1698-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id63614
    published2013-01-18
    reporterUbuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63614
    titleUSN-1698-1 : linux-ti-omap4 vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0807.NASL
    descriptionAn updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest
    last seen2020-06-01
    modified2020-06-02
    plugin id66370
    published2013-05-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66370
    titleRHEL 5 : hypervkvpd (RHSA-2013:0807)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0807.NASL
    descriptionFrom Red Hat Security Advisory 2013:0807 : An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest
    last seen2020-06-01
    modified2020-06-02
    plugin id68818
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68818
    titleOracle Linux 5 : hypervkvpd (ELSA-2013-0807)

Redhat

advisories
bugzilla
id953502
title"
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • commenthypervkvpd is earlier than 0:0-0.7.el5_9.3
      ovaloval:com.redhat.rhsa:tst:20130807001
    • commenthypervkvpd is signed with Red Hat redhatrelease key
      ovaloval:com.redhat.rhsa:tst:20130807002
rhsa
idRHSA-2013:0807
released2013-05-09
severityLow
titleRHSA-2013:0807: hypervkvpd security and bug fix update (Low)
rpms
  • hypervkvpd-0:0-0.7.el5_9.3
  • hypervkvpd-debuginfo-0:0-0.7.el5_9.3

Seebug

bulletinFamilyexploit
descriptionBugtraq ID:56710 CVE ID:CVE-2012-5532 Linux是一款开源的操作系统。 当处理伪造的Netlink报文时,会导致hypervkvpd退出,本地攻击者可以利用漏洞发送非零nl_pid源地址Netlink消息使系统崩溃。 0 Linux kernel 2.6.x 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: https://git.kernel.org/?p=linux/kernel/git/gregkh/char-misc.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef
idSSV:60487
last seen2017-11-19
modified2012-11-30
published2012-11-30
reporterRoot
titleLinux Kernel hypervkvpd 'hv_kvp_daemon.c' Netlink报文处理拒绝服务漏洞